From konve at LOGOUT.CZ Wed Sep 1 08:36:19 2004
From: konve at LOGOUT.CZ (Dalimil Gala)
Date: Thu Jan 12 21:26:44 2006
Subject: Qmail ?
Message-ID:

Hi Dennis,

try to install the latest OpenProtect package and join our mailing list at
https://lists.sourceforge.net/lists/listinfo/opencomputing-openprotect

There were queuing problems using qmail with openprotect-5.0.1.6 but the
new version 5.0.1.7 should be fixed.

Dalimil Gala

Dennis Robert Kelbert wrote:

>I have read at all..and configuring too.. but nothing happens the emails
>going to queue.in/messand don't leave...
>
>but I'm trying to see the opencomputing.sourceforge.net.
>perhaps this helps...i think...
>
>=P Thanks

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at BARENDSE.TO Wed Sep 1 08:43:53 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners
Message-ID:

Hmm, I already wanted to try this for some time guess I need to take the
plunge in the deep.

I am not confident about patching spamass so will try 3.00-rc2.

Is there anything that needs to be done other than the usual installation
instruction: perl Makefile.PL, make, make test, make install?

On the SpamAss site it says that the SURBL is a 'plugin', in other words
do I need to plug it in? :)

Maybe this should be an item for the FAQ :)

On Mon, 30 Aug 2004, Raymond Dijkxhoorn wrote:

> Hi!
>
>> we are getting flooded with one line spam e-mails.
>>
>> the text in the body is always something offtopic like:
>> http://uhcaoh.MUNGED-bbcefln.info/?NujAPBhLRRoK6Nhwddbfw
>> cid:part1.06020902.07090004@wbgvncslsqmhk@yahoo.com
>> Books Kid Rock Loft Story children are
>> BACK TO learned of
>>
>> but the actual spam is in the gif file attached to it.
>>
>> Is anyone else seeing this, how can I stop it?
>>
>> I am using MailScanner, rules_du_jour (with every available list), DCC and
>> SpamAss 2.63
>
> It's listed in at least a couple of SURBL's, so if you start using that you
> most likely won't see those again...
>
> bye,
> Raymond.

From mailscanner-user at NELAND.DK Wed Sep 1 08:44:58 2004
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:26:44 2006
Subject: attach DENY FIRST
Message-ID:

Dennis Robert Kelbert wrote:
> Hello everybody...
>
> What I need to do, if I want to block all possible attachments (like
> \.*), and then making rules for accept the attachments that I really
> need..?

Your logic should be reversed.

If you first block all, then you can't afterward allow any.
First allow the ones you want, then block all the rest.

That is, when a rule is matched, the rest is not looked at.

Leif

From mailscanner at ecs.soton.ac.uk Wed Sep 1 08:45:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: 4.33.3: more defaults to change
Message-ID:

All changed.
Anyone got any comments to the contrary, particularly on the Charset setting?

At 21:35 31/08/2004, you wrote:
>Julian,
>   Whilst on the subject, I would lobby you to change the defaults
>on the following parameters too:
>
>Quarantine Silent Viruses from "yes" to "no".
>
>   Why waste disk space quarantining stuff that is all bogus?
>
>Notices Include Full Headers from "no" to "yes".
>
>   IMHO, a sysadmin can't do much in terms of tracking down information
>   on a message without the full mail headers and the message ID. So
>   notices without the full mail headers are pretty useless...
>
>Attachment Encoding Charset from "us-ascii" to "ISO-8859-1"
>
>   This one is probably controversial among mailscanner users.
>   Even us Americans have to deal with languages that use accents and
>   that eighth bit, especially in higher education settings. My charset
>   in both MS and sendmail (DefaultCharSet) have been defined as
>   ISO-8859-1 for a long time with no complaints. What charsets
>   do other sites use in MS and their MTA, especially non-US sites?
>
>Jeff Earickson
>Colby College
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 1 08:47:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: attach DENY FIRST
Message-ID:

At 23:40 31/08/2004, you wrote:
>Hello everybody...
>
>What I need to do, if I want to block all possible attachments (like \.*),
>and then making rules for accept the attachments that I really need..?

Just make the last allow/deny rule in the filename.rules.conf file

deny    \.      Deny everything    We deny everything

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 1 08:52:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners
Message-ID:

At 08:43 01/09/2004, you wrote:
>Hmm, I already wanted to try this for some time guess I need to take the
>plunge in the deep.
>
>I am not confident about patching spamass so will try 3.00-rc2.
>
>Is there anything that needs to be done other than the usual installation
>instruction: perl Makefile.PL, make, make test, make install?
>
>On the SpamAss site it says that the SURBL is a 'plugin', in other words
>do I need to plug it in? :)

From doing a quick grep, it's included. The "make test" phase should show
it being tested out.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Wed Sep 1 08:53:02 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners
Message-ID:

Hi!

> Is there anything that needs to be done other than the usual installation
> instruction: perl Makefile.PL, make, make test, make install?

You need to convert your bayes db's, but all is in the doku...

> On the SpamAss site it says that the SURBL is a 'plugin', in other words
> do I need to plug it in? :)

No. Will work right away in the default install.

Bye,
Raymond.

From Christo at IT4AFRICA.CO.ZA Wed Sep 1 09:14:41 2004
From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

> Hi!
>
> > Is there anything that needs to be done other than the usual
> > installation
> > instruction: perl Makefile.PL, make, make test, make install?
>
> You need to convert your bayes db's, but all is in the doku...

Just a note

I have tried SA 3 Install as per Julian Yesterday. After upgrading the bayes
DB I got an error that it cannot read db ver 0

I had to go back to SA 2.64 and restore my Bayes DB to get it running again.

I'm running fc1 latest MS

>
> > On the SpamAss site it says that the SURBL is a 'plugin', in other
> > words do I need to plug it in? :)
>
> No. Will work right away in the default install.
>
> Bye,
> Raymond.
>
> --
> This message has been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.

From m.sapsed at BANGOR.AC.UK Wed Sep 1 09:16:41 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:44 2006
Subject: [OT] HTML emails
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:
> Is there anyway that the list could disable HTML emails?

My recollection of discussions with the JISCMail team in relation to
other lists I (co)manage, I seem to recall that they do have an option
to refuse HTML messages outright. It's up to Julian to decide whether
that's a line he wants to take. IIRC, what they can't do is strip out
the HTML version and leave the plain-text one (assuming there is one)
which would be nice...

> They're a real PITA

In general I agree.
I gather they're a real nightmare for people who
take the list in digest form...

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor            Jesus of Nazareth

From mailscanner at BARENDSE.TO Wed Sep 1 09:26:25 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

I just wipe out my bayes databases, have enough honeypots running to
quickly rebuild them at lightning speed :)

I'm now trying to figure out which perl modules are missing for this
feature to work :)

On Wed, 1 Sep 2004, Christo Bezuidenhout wrote:

>> Hi!
>>
>>> Is there anything that needs to be done other than the usual
>>> installation
>>> instruction: perl Makefile.PL, make, make test, make install?
>>
>> You need to convert your bayes db's, but all is in the doku...
>
> Just a note
>
> I have tried SA 3 Install as per Julian Yesterday. After upgrading the bayes
> DB I got an error that it cannot read db ver 0
>
> I had to go back to SA 2.64 and restore my Bayes DB to get it running again.
>
> I'm running fc1 latest MS
>
>>
>>> On the SpamAss site it says that the SURBL is a 'plugin', in other
>>> words do I need to plug it in? :)
>>
>> No. Will work right away in the default install.
>>
>> Bye,
>> Raymond.

From mailscanner at ecs.soton.ac.uk Wed Sep 1 09:28:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: [OT] HTML emails
Message-ID:

At 09:16 01/09/2004, you wrote:
>Michele Neylon :: Blacknight Solutions wrote:
>>Is there anyway that the list could disable HTML emails?
>
>My recollection of discussions with the JISCMail team in relation to
>other lists I (co)manage, I seem to recall that they do have an option
>to refuse HTML messages outright. It's up to Julian to decide whether
>that's a line he wants to take. IIRC, what they can't do is strip out
>the HTML version and leave the plain-text one (assuming there is one)
>which would be nice...

I would rather not refuse HTML outright. One of the advantages of
MailScanner over other competing packages is that it is easier to install
and manage. As a result, there are some very inexperienced people using
MailScanner, who don't understand the problem of HTML in digests and
probably never will. I would not like to exclude those people from being
able to ask for help on the list. Never forget that we all had to start
somewhere.
The more people using MailScanner to protect themselves and others, the
better. We should not exclude anyone from taking part in a discussion or
from asking for help from the more experienced among us.

>>They're a real PITA
>
>In general I agree. I gather they're a real nightmare for people who
>take the list in digest form...

I agree with this, but we shouldn't exclude people because they "don't
understand".

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Wed Sep 1 09:29:14 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Hi!

> I'm now trying to figure out which perl modules are missing for this
> feature to work :)

If you install via CPAN it gets them all... you have Net::DNS installed i
guess? (Latest version).

Bye,
Raymond.
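
The rule ordering that Leif and Julian describe in the "attach DENY FIRST" thread above, as an added example that is not from any poster or from MailScanner itself: a first-match evaluator run over both orderings of the thread's `allow \.txt$` and `deny \.` rules, plus a check for rules that an earlier rule makes unreachable. The tab-separated four-field layout, case-insensitive matching, the allow-when-nothing-matches default and the sample filenames are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    action: str          # "allow" or "deny"
    pattern: re.Pattern  # regex tested against the attachment filename
    log_text: str
    user_text: str


def rule_line(*fields: str) -> str:
    """Join the four rule fields with tabs (assumed field separator)."""
    return "\t".join(fields)


# Constructed rule files: the thread's two rules, in both orders.
ALLOW_FIRST = "\n".join([
    "# allow the wanted types first, deny everything else last",
    rule_line("allow", r"\.txt$", "-", "-"),
    rule_line("deny", r"\.", "Deny everything", "We deny everything"),
])
DENY_FIRST = "\n".join([
    rule_line("deny", r"\.", "Deny everything", "We deny everything"),
    rule_line("allow", r"\.txt$", "-", "-"),
])

# Constructed attachment names used to exercise the rules.
SAMPLES = ["notes.txt", "notes.txt.exe", "setup.exe", "README"]


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines, skipping blanks and # comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {raw!r}")
        # Case-insensitive matching is an assumption of this example.
        rules.append(Rule(fields[0], re.compile(fields[1], re.IGNORECASE),
                          fields[2], fields[3]))
    return rules


def first_match(rules: List[Rule], filename: str) -> Optional[int]:
    """Index of the first rule whose regex matches, or None."""
    for i, rule in enumerate(rules):
        if rule.pattern.search(filename):
            return i
    return None


def decide(rules: List[Rule], filename: str) -> str:
    """First matching rule wins; later rules are never consulted."""
    idx = first_match(rules, filename)
    # Assumed default: a name that matches no rule is allowed.
    return rules[idx].action if idx is not None else "allow"


def shadowed(rules: List[Rule], samples: List[str]) -> List[str]:
    """Regexes that match some sample but are never the first match."""
    hit, first = set(), set()
    for name in samples:
        hit.update(i for i, r in enumerate(rules) if r.pattern.search(name))
        idx = first_match(rules, name)
        if idx is not None:
            first.add(idx)
    return [rules[i].pattern.pattern for i in sorted(hit - first)]


if __name__ == "__main__":
    for label, text in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        rules = parse_rules(text)
        print(label)
        for name in SAMPLES:
            print(f"  {name:15} -> {decide(rules, name)}")
        print("  unreachable rules:", shadowed(rules, SAMPLES))
```

Under these assumptions a name with no dot, such as `README`, matches neither rule and falls through to the default, so `deny \.` is not a catch-all for dotless names.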

From mailscanner at ecs.soton.ac.uk Wed Sep 1 09:37:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

At 09:26 01/09/2004, you wrote:
>I just wipe out my bayes databases, have enough honeypots running to
>quickly rebuild them at lightning speed :)
>
>I'm now trying to figure out which perl modules are missing for this
>feature to work :)

Do you have the Berkeley DB library installed? Without it, DB_File doesn't
have a chance.

>On Wed, 1 Sep 2004, Christo Bezuidenhout wrote:
>
>>>Hi!
>>>
>>>>Is there anything that needs to be done other than the usual
>>>>installation
>>>>instruction: perl Makefile.PL, make, make test, make install?
>>>
>>>You need to convert your bayes db's, but all is in the doku...
>>
>>Just a note
>>
>>I have tried SA 3 Install as per Julian Yesterday. After upgrading the bayes
>>DB I got an error that it cannot read db ver 0
>>
>>I had to go back to SA 2.64 and restore my Bayes DB to get it running again.
>>
>>I'm running fc1 latest MS
>>
>>>
>>>>On the SpamAss site it says that the SURBL is a 'plugin', in other
>>>>words do I need to plug it in? :)
>>>
>>>No. Will work right away in the default install.
>>>
>>>Bye,
>>>Raymond.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 1 09:46:59 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:44 2006
Subject: [OT] HTML emails
Message-ID:

>> My recollection of discussions with the JISCMail team in relation to
>> other lists I (co)manage, I seem to recall that they do have an
>> option to refuse HTML messages outright. It's up to Julian to decide
>> whether that's a line he wants to take. IIRC, what they can't do is
>> strip out the HTML version and leave the plain-text one (assuming
>> there is one) which would be nice...

Stripping out the HTML would be ideal. I wouldn't be in favour of rejecting
messages.
Some of the HTML heavy emails that are being sent to the list are painful to
deal with, though I do have a couple of plugins for outlook that make it that
bit easier in office hours, while Evolution does a lovely job of handling
them in the evening.

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel.
+353 59 9137101

From mailscanner at BARENDSE.TO Wed Sep 1 10:00:52 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Probably not, just upgraded to the latest MailScanner (could we put these
modules in the install.sh script?)

I guess I shouldn't get this either:

# perl -MCPAN -e shell
Can't locate CPAN.pm in @INC (@INC contains:
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .).
BEGIN failed--compilation aborted.

On Wed, 1 Sep 2004, Julian Field wrote:

> At 09:26 01/09/2004, you wrote:
>> I just wipe out my bayes databases, have enough honeypots running to
>> quickly rebuild them at lightning speed :)
>>
>> I'm now trying to figure out which perl modules are missing for this
>> feature to work :)
>
> Do you have the Berkeley DB library installed? Without it, DB_File doesn't
> have a chance.
>
>
>> On Wed, 1 Sep 2004, Christo Bezuidenhout wrote:
>>
>>>> Hi!
>>>>
>>>>> Is there anything that needs to be done other than the usual
>>>>> installation
>>>>> instruction: perl Makefile.PL, make, make test, make install?
>>>>
>>>> You need to convert your bayes db's, but all is in the doku...
>>>
>>> Just a note
>>>
>>> I have tried SA 3 Install as per Julian Yesterday. After upgrading the
>>> bayes
>>> DB I got an error that it cannot read db ver 0
>>>
>>> I had to go back to SA 2.64 and restore my Bayes DB to get it running
>>> again.
>>>
>>> I'm running fc1 latest MS
>>>
>>>>
>>>>> On the SpamAss site it says that the SURBL is a 'plugin', in other
>>>>> words do I need to plug it in? :)
>>>>
>>>> No. Will work right away in the default install.
>>>>
>>>> Bye,
>>>> Raymond.
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 1 10:22:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

At 10:00 01/09/2004, you wrote:
>Probably not, just upgraded to the latest MailScanner (could we put these
>modules in the install.sh script?)
>
>I guess I shouldn't get this either:
>
># perl -MCPAN -e shell
>Can't locate CPAN.pm in @INC (@INC contains:

Eek! Your Perl installation is very badly broken.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Wed Sep 1 10:35:48 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Hmm I'll try doing rpm -Uvh on all perl rpms

Hope that will solve it

On Wed, 1 Sep 2004, Julian Field wrote:

> At 10:00 01/09/2004, you wrote:
>> Probably not, just upgraded to the latest MailScanner (could we put these
>> modules in the install.sh script?)
>>
>> I guess I shouldn't get this either:
>>
>> # perl -MCPAN -e shell
>> Can't locate CPAN.pm in @INC (@INC contains:
>
> Eek! Your Perl installation is very badly broken.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 1 11:18:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:44 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Are you running SuSE? If so, their automatic repair facility (just boot off
the CD) should be able to fix this for you.

At 10:35 01/09/2004, you wrote:
>Hmm I'll try doing rpm -Uvh on all perl rpms
>
>Hope that will solve it
>
>On Wed, 1 Sep 2004, Julian Field wrote:
>
>>At 10:00 01/09/2004, you wrote:
>>>Probably not, just upgraded to the latest MailScanner (could we put these
>>>modules in the install.sh script?)
>>>
>>>I guess I shouldn't get this either:
>>>
>>># perl -MCPAN -e shell
>>>Can't locate CPAN.pm in @INC (@INC contains:
>>
>>Eek! Your Perl installation is very badly broken.
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From suporte at SETINET.COM.BR Wed Sep 1 12:42:49 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:44 2006
Subject: attach DENY FIRST
Message-ID:

So, Accept all attachments

allow   \.txt$  -                  -
deny    \.$     Deny Everything    Deny Everything

So, deny all attachments

allow   \.txt$  -                  -
deny    \.      Deny Everything    Deny Everything

----- Original Message -----
From: "Julian Field"
To:
Sent: Wednesday, September 01, 2004 4:47 AM
Subject: Re: attach DENY FIRST

> At 23:40 31/08/2004, you wrote:
> >Hello everybody...
> >
> >What I need to do, if I want to block all possible attachments (like \.*),
> >and then making rules for accept the attachments that I really need..?
>
> Just make the last allow/deny rule in the filename.rules.conf file
> deny    \.      Deny everything    We deny everything
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Wed Sep 1 12:52:56 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:26:44 2006
Subject: SpamAssassin timed out and was killed
Message-ID:

Martin,

did you recommend me, turn off RBL's use this information in my
spam.assassin.prefs.conf

>score HABEAS_SWE 0.0
>
># don't do all the RBL's just orb and spamhause XBL - above
>score RCVD_IN_NJABL 0.0
>score RCVD_IN_NJABL_DIALUP 0.0
>score RCVD_IN_NJABL_MULTI 0.0
>score RCVD_IN_NJABL_PROXY 0.0
>score RCVD_IN_NJABL_RELAY 0.0
>score RCVD_IN_NJABL_SPAM 0.0
>score RCVD_IN_DYNABLOCK 0.0
>score RCVD_IN_OPM 0.0
>score RCVD_IN_OPM_WINGATE 0.0
>score RCVD_IN_OPM_SOCKS 0.0
>score RCVD_IN_OPM_HTTP 0.0
>score RCVD_IN_OPM_ROUTER 0.0
>score RCVD_IN_SORBS_BLOCK 0.0
>score RCVD_IN_DSBL 0.0
>score RCVD_IN_RFCI 0.0
>score DNS_FROM_RFCI_DSN 0.0
>#score RCVD_IN_SBL 0.0
>score HABEAS_VIOLATOR 0.0
>score RCVD_IN_BSP_TRUSTED 0.0
>score RCVD_IN_BSP_OTHER 0.0
>#######################################################################

and use sa-blacklist's and bigevil.cf?

and use spamcop-uri?
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On behalf of Martin Hepworth
Sent: Tuesday, 31 August 2004 14:41
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SpamAssassin timed out and was killed
Importance: High

Ricardo

normally timeouts are a result of the RBL's not getting their information quickly enough.

I turn most of them off by giving them a zero score in my spam.assassin.prefs.conf (see a post last week from me on this).

BUT if you are using bigevil.cf and the sa-blacklist's you'll be increasing the processing required by a huge amount as they are massive files. You'd be better off using the www.sorbl.org alternatives via the spamcop-uri plug-in.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Ricardo Luis Cañavate wrote:
> First sorry for my English and thanks in advanced.
>
> Hi Friends,
> Lately, I try to optimize my MailScanner setting up some rules for
> spamassassin downloading from
> http://wiki.apache.org/spamassassin/CustomRulesets and copying them into
> /etc/mail/spamassassin/, first the system works well, fine, fantastic!!
> stop all the spam, but .. after 24 hours of good work, more or less,
> mailscanner doesn't process the messages of the inbound queue and the
> logging shows some messages like these:
>
> servnozar MailScanner[15301]: SpamAssassin timed out and was killed,
> consecutive failure 5 of 20
> servnozar MailScanner[15301]: RBL Check ORDB-RBL timed out and was
> killed, consecutive failure 1 of 7
>
> I'm try to set up little value in "Max SpamAssassin Size" to try to load
> the less possible and more time out for spamassassin in
> MailScanner.conf, but doesn't work.
>
> Thanks for all your support.
>
> *Ricardo Luis Cañavate García*
> Dpto.
de Informática > *NOZAR*/ Grupo Inmobiliario/ > Tel: 91 758 96 30 | Fax: 91 559 83 39 > *www.nozar.es* > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ========================================================================= Usted recibe este mensaje porque su dirección e-mail se encuentra en nuestra base de datos al haber tenido contactos anteriores con nosotros, por lo que entendemos que contamos con su autorización para enviarle información profesional. No obstante, si no desea seguir recibiéndola basta con hacérnoslo saber. Este mensaje se dirige exclusivamente a su destinatario y puede contener información privilegiada o confidencial. Si no es vd. el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. 
However, if you do not wish to continue to receive such information then please let us know. This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. ======================================================================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 1 12:58:42 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:44 2006 Subject: SpamAssassin timed out and was killed Message-ID: > and use sa-blacklist's and bigevil.cf? If you want to be able to use your mail server DO NOT USE bigevil.cf Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Wed Sep 1 13:08:02 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:44 2006 Subject: SpamAssassin timed out and was killed Message-ID: Ricardo use the settings below in the file to turn off all but the SBL list.. 
Do *not* use blacklists and bigevil.cf, these are huge and increase memory use massively. *Do* use spamcop-uri -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ricardo Luis Cañavate wrote: > Martin, > did you recomend me, turn off RBL's use this information in my > spam.assassin.prefs.conf > > >>score HABEAS_SWE 0.0 >> >># don't do all the RBL's just orb and spamhause XBL - above >>score RCVD_IN_NJABL 0.0 >>score RCVD_IN_NJABL_DIALUP 0.0 >>score RCVD_IN_NJABL_MULTI 0.0 >>score RCVD_IN_NJABL_PROXY 0.0 >>score RCVD_IN_NJABL_RELAY 0.0 >>score RCVD_IN_NJABL_SPAM 0.0 >>score RCVD_IN_DYNABLOCK 0.0 >>score RCVD_IN_OPM 0.0 >>score RCVD_IN_OPM_WINGATE 0.0 >>score RCVD_IN_OPM_SOCKS 0.0 >>score RCVD_IN_OPM_HTTP 0.0 >>score RCVD_IN_OPM_ROUTER 0.0 >>score RCVD_IN_SORBS_BLOCK 0.0 >>score RCVD_IN_DSBL 0.0 >>score RCVD_IN_RFCI 0.0 >>score DNS_FROM_RFCI_DSN 0.0 >>#score RCVD_IN_SBL 0.0 >>score HABEAS_VIOLATOR 0.0 >>score RCVD_IN_BSP_TRUSTED 0.0 >>score RCVD_IN_BSP_OTHER 0.0 >>####################################################################### > > > > and use sa-blacklist's and bigevil.cf? > > and use spamcop-uri? > > > -----Mensaje original----- > De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]En > nombre de Martin Hepworth > Enviado el: martes, 31 de agosto de 2004 14:41 > Para: MAILSCANNER@JISCMAIL.AC.UK > Asunto: Re: SpamAssassin timed out and was killed > Importancia: Alta > > > Ricardo > > normally timeouts are a result of the RBL's not getting their > information quickly enought. > > I turn most of them off by giving them a zero score in my > spam.assassin.prefs.conf (see a post last week from me on this). > > BUT if you are using bigevil.cf and the sa-blacklist's you'll be > increasing the processing requireed by a huge amount as they are massive > files. You'd be better off using the www.sorbl.org alternatives via the > spamcop-uri plug-in. 
> > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Ricardo Luis Cañavate wrote: > >>First sorry for my English and thanks in advanced. >> >>Hi Friends, >>Lately, I try to optimize my MailSacanner setting up some rules for >>spamassassin downloading from >>http://wiki.apache.org/spamassassin/CustomRulesets and copying them into >>/etc/mail/spamassassin/, first the system works well, fine, fantastic!! >>stop all the spam, but .. after 24 hours of good work, more or less, >>mailscanner doesn't process the messages of the inbound queue and the >>logging shows some messages like these: >> >>servnozar MailScanner[15301]: SpamAssassin timed out and was killed, >>consecutive failure 5 of 20 >>servnozar MailScanner[15301]: RBL Check ORDB-RBL timed out and was >>killed, consecutive failure 1 of 7 >> >>I'm try to set up little value in "Max SpamAssassin Size" to try to load >>the less possible and more time out for spamassassin in >>MailScanner.conf, but doesn't work. >> >>Thanks for all your support. >> >> >> >> >> >>*Ricardo Luis Cañavate García* >>Dpto. de Informática >>*NOZAR*/ Grupo Inmobiliario/ >>Tel: 91 758 96 30 | Fax: 91 559 83 39 >>*www.nozar.es* >> >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. 
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > ========================================================================= > Usted recibe este mensaje porque su dirección e-mail se encuentra en > nuestra base de datos al haber tenido contactos anteriores con nosotros, > por lo que entendemos que contamos con su autorización para enviarle > información profesional. No obstante, si no desea seguir recibiéndola > basta con hacérnoslo saber. > Este mensaje se dirige exclusivamente a su destinatario y puede contener > información privilegiada o confidencial. Si no es vd. el destinatario > indicado, queda notificado de que la utilización, divulgación y/o copia > sin autorización está prohibida en virtud de la legislación vigente. > Si ha recibido este mensaje por error, le rogamos que nos lo comunique > inmediatamente por esta misma vía y proceda a su destrucción. > > > You are receiving this message because your e-mail address is listed in > our database due to previous communications with us, > so we have assumed that we have your permission to send you professional > information. However, if you do not wish to continue to receive such > information then please let us know. > This message is intended exclusively for its addressee and may contain > information that is CONFIDENTIAL and protected by professional privilege. > If you are not the intended recipient you are hereby notified that any > dissemination, copy or disclosure of this communication is strictly > prohibited by law. If this message has been received in error, please > immediately notify us via e-mail and delete it. > ======================================================================= > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. 
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ugob at CAMO-ROUTE.COM Wed Sep 1 13:53:45 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:44 2006 Subject: About blocked messages Message-ID: Ing. Vicente Guerrero M. wrote: > Hi all, > > Is there a way to store or qarantine all filename (or filetype) blocked > messages with MailScanner? I'd like to check these blocked attachments and > then deliver to the original recipients if they are real mail. > I searched trough the faq, maq, archive but nothing was found about this. > Any help is appreciated. > > BTW, I'm using MS 4.29.7-1, SA 2.64 in a Red Hat 7.1 box. Aren't they by default? Mine does and I don't remember having changed anything for it to work. > > Thanks. > > Vicente Guerrero > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 

From rurqueta at MUNILASERENA.CL Wed Sep 1 13:58:49 2004
From: rurqueta at MUNILASERENA.CL (Raul Urqueta S)
Date: Thu Jan 12 21:26:44 2006
Subject: in redhat 9
Message-ID:

If a MailScanner list in Spanish is created, does that mean we have to sign up somewhere else?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On behalf of Alex Neuman van der Hans
Sent: Tuesday, 31 August 2004 18:41
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: in redhat 9

If we're going to create a MailScanner list in Spanish, I'll join and help if possible.

In any case, you're definitely better off installing ClamAV+BitDefender on your server; the good thing is that one is free (as in freedom) and the other is free (as in zero-cost).

greyhair wrote:
> Raul,
>
> Did you see this?
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/121.html
> It directly relates to RedHat 9!
>
> Sorry, I only speak English.
> Google tries to translate,(http://translate.google.com/translate_t)
>
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.sng.ecs.soton.ac.uk%2Fmailscanner%2Fserve%2Fcache%2F121.html&langpair=en%7Ces&hl=en&ie=UTF8&oe=UTF8
>
> Raul Urqueta S wrote:
>
>> *somebody** can help me to configure the MailScanner with RedHat 9,
>> and Uvscan?
Step by step (in Spanish better)* >> >> *I cant do it work.* >> >> *I follow the steps in the page >> http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but >> don^Òt work* >> >> * * >> >> *Thanks* >> >> * * >> >> *Raul.-* >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 1 14:36:12 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions) Date: Thu Jan 12 21:26:44 2006 Subject: About blocked messages Message-ID: > Aren't they by default? Mine does and I don't remember > having changed anything for it to work. 
Ditto I have no recollection of making any changes to the config for this Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From bovati at MONDADORI.COM Wed Sep 1 14:45:32 2004 From: bovati at MONDADORI.COM (Mirko Bovati) Date: Thu Jan 12 21:26:44 2006 Subject: do sometime mailscanner fails recognizing Mabutu? Message-ID: hi all, sometime we receive emails with an attach (document.zip) that mailscanner "Found to be clean" while the local antivirus finds a W32/Mabutu.a@MM!zip. Strange behavior: 1) We forward the vired email and mailscanner still "Found to be clean". 2) We save the attached file, we send a new email and attach the previous saved file (document.zip) then Mailscanner finds a W32/Mabutu.a@MM!zip Any clue? Thanks. Mirko Bovati on one installation: mailscanner-4.12-2 AS2.1 sendmail-8.11.6-28.72 uvscan v4.3.20 on another installation: mailscanner-4.32.5-1 AS2.1 sendmail-8.11.6-28.72 uvscan v4.3.20 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From vguerrero at minar.com Wed Sep 1 14:46:33 2004 From: vguerrero at minar.com (Vicente Guerrero M.) Date: Thu Jan 12 21:26:44 2006 Subject: About blocked messages Message-ID: Hi Ugo, > > Aren't they by default? Mine does and I don't remember having changed > anything for it to work. 
> I've checked the quarantine and I see the messages without attachments; my system just delete the attachment and send a notice to postmaster. I've checked the config file but I didn't found any command to store or quarantine filename/filetype blocked attachments. May be I missed something, or may be the version I'm usign is too old. I hope you (or anybody else) can point me in the right direction to work this out. Thanks in advance. Vicente ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dustin.baer at IHS.COM Wed Sep 1 14:55:06 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:44 2006 Subject: OT: ClamAV v. ball-dropping Sophos Message-ID: Anyone who is using Sophos only should be aware that their update for Troj/BagleD1-A (bagled-a.ide) came out a full FOUR hours after ClamAV was detecting infected zips as Trojan.JS.RunMe. Their second update for Troj/BagleD1-A came out 3.5 hours after ClamAV was detecting infected zips as Trojan.Dropper.Small-11. I installed ClamAV about a month ago. I wish I had done it a year ago. It's free, and if you aren't using it, you aren't doing much service to your organization. Dustin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From brentbolin at HOTMAIL.COM Wed Sep 1 14:59:56 2004 From: brentbolin at HOTMAIL.COM (Brent Bolin) Date: Thu Jan 12 21:26:44 2006 Subject: IFrame tag and script in html message Message-ID: Looking at this quarantined message, what kinds of stuff are spammers trying to do/execute ?
Mailscanner can scan a subject?
 
Like rules to match subjects and/or body mail...
If the rule match... going to spam...

From ugob at CAMO-ROUTE.COM Wed Sep 1 18:10:17 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:44 2006
Subject: Subject/Body SCAN
Message-ID:

Dennis Robert Kelbert wrote:
> Mailscanner can scan a subject?

Not MailScanner, but SpamAssassin can, so if you use SpamAssassin through MailScanner, you can create local SpamAssassin rules. See http://wiki.apache.org/spamassassin/WritingRules

> Like rules to match subjects and/or body mail...
> If the rule match... going to spam...

From raymond at PROLOCATION.NET Wed Sep 1 18:19:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:45 2006
Subject: Subject/Body SCAN
Message-ID:

Hi!

> Mailscanner can scan a subject?
>
> Like rules to match subjects and/or body mail...
> If the rule match... going to spam...

Use SpamAssassin or similar tools for that...

Bye,
Raymond.

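The local-rules approach from the Subject/Body SCAN replies above, worked through as an added example (not code from the thread, nor from the SpamAssassin or MailScanner projects). The rule text uses SpamAssassin's header/body/score syntax; the Python evaluator is a simplified model of how rule hits add up against a threshold, and the rule names, sample messages and the 5.0 threshold are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed local rules in SpamAssassin rule syntax; the rule names are made up.
RULES = r"""
header   LOCAL_SUBJ_REFI     Subject =~ /\brefinance\b.*\btoday\b/i
describe LOCAL_SUBJ_REFI     Subject pushes same-day refinancing
score    LOCAL_SUBJ_REFI     3.0

body     LOCAL_BODY_NOPRESC  /\bno prescription (?:needed|required)\b/i
score    LOCAL_BODY_NOPRESC  2.5

# No score line: SpamAssassin scores an unscored rule at 1.0.
body     LOCAL_BODY_CLICK    /\bclick here\b/i
"""

# Constructed sample messages (single-part, plain text).
SPAM = """\
From: offers@example.net
To: user@example.com
Subject: Refinance your home TODAY

No prescription needed for our other offers either.
Click here to learn more.
"""

HAM = """\
From: colleague@example.com
To: user@example.com
Subject: Meeting notes

Please click here for the agenda: http://intranet.example.com/agenda
"""

DEFAULT_SCORE = 1.0


def compile_pattern(text):
    """Compile a /regex/flags literal; this model only understands the 'i' flag."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", text.strip())
    if not m:
        raise ValueError("not a /regex/ literal: %r" % text)
    unsupported = set(m.group(2)) - {"i"}
    if unsupported:
        raise ValueError("unsupported regex flags: %s" % sorted(unsupported))
    return re.compile(m.group(1), re.I if "i" in m.group(2) else 0)


def parse_rules(text):
    """Return ({name: (header_or_None, regex)}, {name: score}) from rule text."""
    rules, scores = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 3:
            raise ValueError("incomplete rule line: %r" % line)
        keyword, name, arg = parts
        if keyword == "header":
            header, op, pattern = arg.split(None, 2)
            if op != "=~":
                raise ValueError("only '=~' header tests are modelled")
            rules[name] = (header, compile_pattern(pattern))
        elif keyword == "body":
            rules[name] = (None, compile_pattern(arg))
        elif keyword == "score":
            scores[name] = float(arg.split()[0])
        elif keyword != "describe":
            raise ValueError("unsupported keyword: %r" % keyword)
    return rules, scores


def score_message(raw_message, rules, scores, required=5.0):
    """Return (hits, total, is_spam) for one raw message.

    Assumption: single-part text mail. As in SpamAssassin, body rules see
    the Subject as the first paragraph, with line breaks collapsed.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = " ".join((subject + "\n" + msg.get_payload()).split())
    hits = []
    for name, (header, regex) in rules.items():
        target = body if header is None else msg.get(header, "")
        if regex.search(target):
            hits.append(name)
    total = sum(scores.get(name, DEFAULT_SCORE) for name in hits)
    return hits, total, total >= required


if __name__ == "__main__":
    parsed_rules, parsed_scores = parse_rules(RULES)
    for label, raw in (("spam sample", SPAM), ("ham sample", HAM)):
        print(label, score_message(raw, parsed_rules, parsed_scores))
```

A single matching rule does not by itself send a message "to spam": the ham sample hits one body rule and stays well under the threshold, which is why each local rule's score has to be chosen with the threshold in mind.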
From tonioli at K2SISTEMAS.COM.BR Wed Sep 1 18:23:44 2004 From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli) Date: Thu Jan 12 21:26:45 2006 Subject: Error Running sa-learn --rebuild Message-ID: Hi All, Trying to upgrade spamassassin to v3.0.0 i've tried to rebuild sa-learn before upgare and got de error below : [root@magali Mail-SpamAssassin-3.0.0]# /usr/bin/sa-learn --rebuild Global symbol "$re_strict" requires explicit package name at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/PerMsgStatus.pm line 1224. Global symbol "$re_loose" requires explicit package name at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/PerMsgStatus.pm line 1224. Global symbol "$re_strict" requires explicit package name at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/PerMsgStatus.pm line 1229. Global symbol "$re_loose" requires explicit package name at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/PerMsgStatus.pm line 1229. BEGIN not safe after errors--compilation aborted at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/PerMsgStatus.pm line 2608. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin.pm line 62. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin.pm line 62. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/CmdLearn.pm line 6. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/CmdLearn.pm line 6. Compilation failed in require at /usr/bin/sa-learn line 46. Anything about that ? --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From pparsons at COLUMBIAFUELS.COM Wed Sep 1 18:33:33 2004 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:26:45 2006 Subject: OT: ClamAV v. ball-dropping Sophos Message-ID: I have been running Bitdefender for about 3 months with clamav and they both do a great job...Bitdefender is right up there with there update times... > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Felipe Tonioli > Sent: Wednesday, September 01, 2004 7:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: ClamAV v. ball-dropping Sophos > > About this topic, what you guys have to say about BitDefender ? > > I'm running bd for more then a month and have not to comply > about that, but, what you guys says about that ? > > tks > Felipe Tonioli > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Martin Hepworth > > Sent: Wednesday, September 01, 2004 11:24 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: OT: ClamAV v. ball-dropping Sophos > > > > > > Dustin > > > > yup - had conversations with Sophos tech support about > timeliness of > > updates. They don't (or didn't at the time) compare themselves to > > ClamAV for update speed, or monitor them... > > > > BUT I have seen Sophos dump quicker than ClamAV on at least one > > occasion this year. Sophos haven't been top of the update > league for a > > while (Kapersky and others tend to be faster), but I tend > to find they > > go a good job apart from that (and they are local - 10 > miles down the road!). > > > > > > Moral of the story - more than one scanner is best... 
> > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Dustin Baer wrote: > > > Anyone who is using Sophos only should be aware that their update > > > for Troj/BagleD1-A (bagled-a.ide) came out a full FOUR > hours after > > > ClamAV was detecting infected zips as Trojan.JS.RunMe. > > > > > > Their second update for Troj/BagleD1-A came out 3.5 hours after > > > ClamAV was detecting infected zips as Trojan.Dropper.Small-11. > > > > > > I installed ClamAV about a month ago. I wish I had done > it a year ago. > > > It's free, and if you aren't using it, you aren't doing > much service > > > to your organization. > > > > > > Dustin > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to > whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been > swept for the > > presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > --- > > Incoming mail is certified Virus Free. 
> > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Wed Sep 1 18:36:00 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:45 2006 Subject: spam oneliners {Virus Scanned} Message-ID: Remco Barendse wrote: > Can we include the pre-requisites for SpamAss 3 in the install.sh script? Why? SA is not a pre-requisite of MS and quite some people, especially those with older hardware, don't use SA at all. Can't be that hard to install. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From el.baby at gmail.com Wed Sep 1 18:56:23 2004 From: el.baby at gmail.com (Mariano Absatz) Date: Thu Jan 12 21:26:45 2006 Subject: 4.33.3: more defaults to change Message-ID: On Wed, 1 Sep 2004 08:45:47 +0100, Julian Field wrote: > All changed. 
> > Anyone got any comments to the contrary, particularly on the Charset setting? I'm totally for ISO-8859-1 charset... but then, I speak Spanish :-) -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 1 19:00:06 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:45 2006 Subject: 4.33.3: more defaults to change Message-ID: On Wed, 2004-09-01 at 14:56 -0300, Mariano Absatz wrote: > On Wed, 1 Sep 2004 08:45:47 +0100, Julian Field > wrote: > > All changed. > > > > Anyone got any comments to the contrary, particularly on the Charset setting? > > I'm totally for ISO-8859-1 charset... but then, I speak Spanish :-) Shouldn't everything be moving to UTF-8? -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From krausem at gmail.com Wed Sep 1 19:07:35 2004 From: krausem at gmail.com (Matt Krause) Date: Thu Jan 12 21:26:45 2006 Subject: MCP Whitelist Message-ID: Is there a way to get the MCP checker to check a whitelist? Because my whitelist in /opt/MailScanner/etc/rules/ only seems to be working for SpamAssassin. Thanks. 
--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

From suporte at SETINET.COM.BR Wed Sep 1 19:25:50 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:45 2006
Subject: blacklist per users
Message-ID:
Hi.. Can I make a blacklist for different users/domains? Like so..

-------------------------------------
# Spam Blacklist:
# Make this point to a ruleset, and anything in that ruleset whose value
# is "yes" will *always* be marked as spam.
# This can also be the filename of a ruleset.
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
--------------------------------------

cat /etc/MailScanner/rules/example.blacklist.rules
To:       example.com  /etc/MailScanner/rules/example.blacklist.rules

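A simplified model of how a ruleset like the one asked about above is evaluated, as an added example that is not part of the original post and not MailScanner's own code. It assumes rules are tried top to bottom with the first match deciding, models only address patterns (user@domain, `*` wildcards, a bare domain, `default`) and a single recipient; the addresses are constructed and the `lint` helper is hypothetical.

```python
import re

# Constructed sample ruleset for "Is Definitely Spam" (placeholder addresses).
SAMPLE_RULES = """\
# Block one sender, but only for one recipient.
From: badaddress@baddomain.com and To: user@domain.com  yes
# Block a bulk sender for every user at example.com.
From: *@bulk.example.net and To: example.com            yes
FromOrTo: default                                       no
"""

# Constructed bad ruleset: catch-all first, plus a filename used as a value.
BAD_RULES = """\
FromOrTo: default no
From: badaddress@baddomain.com and To: user@domain.com yes
To: example.com /etc/MailScanner/rules/example.blacklist.rules
"""

DIRECTIONS = {"from", "to", "fromorto", "fromandto"}


def parse_rules(text):
    """Return [(line_no, [(direction, pattern), ...], value), ...]."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        conds, i = [], 0
        while True:
            if i + 1 >= len(tokens):
                raise ValueError(f"line {line_no}: incomplete rule")
            direction = tokens[i].rstrip(":").lower()
            if direction not in DIRECTIONS:
                raise ValueError(f"line {line_no}: bad direction {tokens[i]!r}")
            conds.append((direction, tokens[i + 1].lower()))
            i += 2
            # "and" chains a second condition onto the same rule.
            if i < len(tokens) and tokens[i].lower() == "and":
                i += 1
                continue
            break
        value = " ".join(tokens[i:])
        if not value:
            raise ValueError(f"line {line_no}: rule has no value")
        rules.append((line_no, conds, value))
    return rules


def _addr_matches(pattern, address):
    if pattern == "default":
        return True
    if "@" not in pattern:  # assumption: a bare domain means any user there
        pattern = "*@" + pattern
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, address.lower()) is not None


def _cond_matches(direction, pattern, sender, recipient):
    from_hit = _addr_matches(pattern, sender)
    to_hit = _addr_matches(pattern, recipient)
    return {"from": from_hit, "to": to_hit,
            "fromorto": from_hit or to_hit,
            "fromandto": from_hit and to_hit}[direction]


def evaluate(rules, sender, recipient):
    """Value of the first rule whose conditions all match, else None."""
    for _line_no, conds, value in rules:
        if all(_cond_matches(d, p, sender, recipient) for d, p in conds):
            return value
    return None


def lint(rules):
    """Flag rules that can never fire or whose value is not yes/no."""
    findings, catch_all_line = [], None
    for line_no, conds, value in rules:
        if catch_all_line is not None:
            findings.append(
                (line_no, f"unreachable: follows catch-all on line {catch_all_line}"))
        if value.lower() not in ("yes", "no"):
            findings.append((line_no, f"value {value!r} is not yes/no"))
        if catch_all_line is None and all(p == "default" for _d, p in conds):
            catch_all_line = line_no
    return findings


if __name__ == "__main__":
    good = parse_rules(SAMPLE_RULES)
    print(evaluate(good, "badaddress@baddomain.com", "user@domain.com"))
    print(evaluate(good, "badaddress@baddomain.com", "other@domain.com"))
    for finding in lint(parse_rules(BAD_RULES)):
        print(finding)
```
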
From tonioli at K2SISTEMAS.COM.BR Wed Sep 1 19:50:59 2004
From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli)
Date: Thu Jan 12 21:26:45 2006
Subject: 4.33.3: more defaults to change
Message-ID:

I'm from Brazil ... have a lot of á ã ç ... so if the new default has a problem with that ....

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Mariano Absatz
> Sent: Wednesday, September 01, 2004 2:56 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: 4.33.3: more defaults to change
>
> On Wed, 1 Sep 2004 08:45:47 +0100, Julian Field wrote:
> > All changed.
> >
> > Anyone got any comments to the contrary, particularly on the Charset setting?
>
> I'm totally for ISO-8859-1 charset... but then, I speak Spanish :-)
>
> --
> Mariano Absatz - El Baby
> el (dot) baby (AT) gmail (dot) com
> el (punto) baby (ARROBA:@) gmail (punto) com

From tonioli at K2SISTEMAS.COM.BR Wed Sep 1 20:15:28 2004 From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli) Date: Thu Jan 12 21:26:45 2006 Subject: 4.33.3: more defaults to change Message-ID: Change BitDefender to supported in Minimum Code Status = --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 1 20:18:32 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:45 2006 Subject: Force local delivery? Message-ID: Hi! I am using MailScanner in front of exchange and am using the mailertable feature to forward all mail to the local ip of the exchange server. Is there any way to prevent some adresses from being delivered by mailertable rules? We have several mail addresses that are not in use anymore but still get loads of spam. Instead of wasting cpu cycles on that i would rather have mail for such addresses delivered to my local spam learning account :) I'm aware of the setups that are used to make sure only mail for valid mailboxes is delivered but was wondering if there would be an easy way. I don't want all the administrative hassle of such a setup and don't care about invalid addresses. I just want the spam :) In .forward you can put a line line \localaccount maybe such a thing is possible in MS? Thanx!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jaearick at COLBY.EDU Wed Sep 1 20:25:18 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:26:45 2006 Subject: 4.33.3: more defaults to change Message-ID: Well, I can clearly see the accent over the first "a", the tilde over the second "a", and that little hangy-down squiggle under the "c" with my ISO-8859-1 setup. So ISO-8859-1 must be doing something right. I took three years of French and can't remember what that mark under the "c" is called anymore. Jeff Earickson On Wed, 1 Sep 2004, Felipe Tonioli wrote: > Date: Wed, 1 Sep 2004 15:50:59 -0300 > From: Felipe Tonioli > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.33.3: more defaults to change > > I'm from brazil ... have alot of á ã ç ... so if the new default has problem > with that .... > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Mariano Absatz >> Sent: Wednesday, September 01, 2004 2:56 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.33.3: more defaults to change >> >> >> On Wed, 1 Sep 2004 08:45:47 +0100, Julian Field >> wrote: >>> All changed. >>> >>> Anyone got any comments to the contrary, particularly on the >> Charset setting? >> >> I'm totally for ISO-8859-1 charset... but then, I speak Spanish :-) >> >> -- >> Mariano Absatz - El Baby >> el (dot) baby (AT) gmail (dot) com >> el (punto) baby (ARROBA:@) gmail (punto) com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> --- >> Incoming mail is certified Virus Free. 
>> Checked by AVG anti-virus system (http://www.grisoft.com). >> Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 >> > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.745 / Virus Database: 497 - Release Date: 8/27/2004 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ugob at CAMO-ROUTE.COM Wed Sep 1 20:30:26 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:45 2006 Subject: Force local delivery? Message-ID: Remco Barendse wrote: > Hi! > > I am using MailScanner in front of exchange and am using the mailertable > feature to forward all mail to the local ip of the exchange server. > > Is there any way to prevent some adresses from being delivered by > mailertable rules? > > We have several mail addresses that are not in use anymore but still get > loads of spam. Instead of wasting cpu cycles on that i would rather have > mail for such addresses delivered to my local spam learning account :) > > I'm aware of the setups that are used to make sure only mail for valid > mailboxes is delivered but was wondering if there would be an easy way. I > don't want all the administrative hassle of such a setup and don't care > about invalid addresses. I just want the spam :) > > In .forward you can put a line line \localaccount maybe such a thing is > possible in MS? 
Search for "ldap" in the MAQ page. > > Thanx!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Kevin_Miller at CI.JUNEAU.AK.US Wed Sep 1 20:44:52 2004 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:26:45 2006 Subject: 4.33.3: more defaults to change Message-ID: Jeff A. Earickson wrote: > Well, I can clearly see the accent over the first "a", the tilde over > the second "a", and that little hangy-down squiggle under the "c" with > my ISO-8859-1 setup. So ISO-8859-1 must be doing something right. > I took three years of French and can't remember what that mark under > the "c" is called anymore. > I must be missing something. My MailScanner.conf is set to us-ascii, and I can also see the same accent characters. I copyied the post to a text file and sent it to myself both in the body and as an attachment and both were visible. Interestingly, the charset in the mime boundery headers (or whatever they're called) said: --Message-Boundary-6059 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: Quoted-printable Content-description: Mail message body --Message-Boundary-6059 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: Quoted-printable Content-description: Text from file 'test.txt' --Message-Boundary-6059-- so it was picking up the iso-8859-1 charset anyway. Go figure. 
Is this something the mail client usually sets, or the MTA, or what? I can experiment further but I'm not sure where I ought to be looking to make changes. As nearly as I can tell here it's all a wash. The mail flow looks like this: Outlook <---> Exchange 5.5 <---> MailScanner/Sendmail <---> Internet S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Administrator, Mail Administrator 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From vguerrero at minar.com Wed Sep 1 21:30:08 2004 From: vguerrero at minar.com (Vicente Guerrero M.) Date: Thu Jan 12 21:26:45 2006 Subject: About blocked messages {Solved} Message-ID: Nevermind guys, I've just changed the value from "no" to "yes" here: Quarantine Infections = yes and the MS started to store the attachments (and infections too!. I'll be careful... I swear). Thanks anyway for those to helped me to see some light on this one. Cheers Vicente PS: I'm just wondering if the blocked messages could be sent to a mail addres instead to the quarantine...? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From alaslavic at HAVERTYS.COM Wed Sep 1 22:08:36 2004 From: alaslavic at HAVERTYS.COM (Alex Laslavic) Date: Thu Jan 12 21:26:45 2006 Subject: blacklist per users Message-ID: MailScanner mailing list wrote on 09/01/2004 03:25:50 PM: > Hi.. I can make a blacklist for different users/domains? 
Like so.. > > ------------------------------------- > # Spam Blacklist: > # Make this point to a ruleset, and anything in that ruleset whose value > # is "yes" will *always* be marked as spam. > # This can also be the filename of a ruleset. > Is Definitely Spam = %rules-dir%/spam.blacklist.rules > -------------------------------------- > > > cat \etc/MailScanner/rules/example.blacklist.rules > To: example.com /etc/MailScanner/rules/example.blacklist.rules > Not sure if that works or not. But you can put in your "%rules-dir/spam.blacklist.rules" file: To: user@domain.com and From: badaddress@baddomain.com ... which will effectively (affectively?) only block badaddress@baddomain.com when it is going to user@domain.com. I would be interested to know if you can use a separate file like that though.... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Steve.Swaney at FSL.COM Wed Sep 1 22:42:57 2004 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:26:45 2006 Subject: Mailwatch Problems Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Alex Pimperton > Sent: Wednesday, September 01, 2004 4:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: {Spam?} RE: {Spam?} [OT] Re: Mailwatch Problems > > Hi > > This may be obvious, but I can't see any way of going back to an earlier > version of DBD::mysql. > > The package (libdbd-mysql-perl) in stable has failed dependencies and > trying > to install from the link on the mailwatch FAQ page throws up other errors: > > Can't exec "mysql_config": No such file or directory at Makefile.PL line > 169. > readline() on closed filehandle PIPE at Makefile.PL line 171. 
> > ....which I can't seem to fix. > > Similar story with using CPAN. > > Does anybody know where I can get a libdbd-mysql-perl 2.1* debian package? > > Or if there is another way of fixing the problem? > Go to this message on MailWatch email list database: http://sourceforge.net/forum/message.php?msg_id=2271338 This post by Steve Freegard describes how to install the older DBD-MySQL Perl library so it is used only by MailWatch.pm. Worked like a charm for me. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.comRegards -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From p.vogt at FIRESTARTER.CH Wed Sep 1 23:08:16 2004 From: p.vogt at FIRESTARTER.CH (Patrick Vogt) Date: Thu Jan 12 21:26:45 2006 Subject: Mailscanner restarting all the time... Message-ID: Hello! I own a RAQ550 and decided to install Mailscanner with f-prot and Spamassissin. I've followed the how-to at http://www.qitc.net/support/mailscanner/ and the installation went fine. I can start mailscanner, no problems. But when the first mail arrives: MailScanner[7107]: MailScanner E-Mail Virus Scanner version 4.33.1 starting... 
MailScanner[7056]: New Batch: Scanning 1 messages, 1083 bytes MailScanner[7056]: MCP Checks: Starting MailScanner[7056]: Spam Checks: Starting MailScanner[7107]: Using locktype = flock MailScanner[7107]: New Batch: Scanning 1 messages, 1083 bytes MailScanner[7107]: MCP Checks: Starting MailScanner[7107]: Spam Checks: Starting MailScanner[7083]: New Batch: Scanning 1 messages, 1083 bytes MailScanner[7083]: MCP Checks: Starting MailScanner[7083]: Spam Checks: Starting MailScanner[7081]: New Batch: Scanning 1 messages, 1083 bytes MailScanner[7081]: MCP Checks: Starting MailScanner[7081]: Spam Checks: Starting and so on... ps aux shows MailScanner If I set 'Virus Scanning = no', all messages are delivered w/o any problems and no restarting is seen (So, sendmail should be ok) If I set 'Virus Scanning = yes' and 'Virus Scanners = none' and 'Spam Checks = no' the problem arrives. With this setting, the problem must be just Mailscanner (f-prot and SpamAssasin are disabled, or not?). If I start with 'debug = yes' 'Virus Scanners = 'f-prot' 'Spam Checks = yes' and do a check_mailscanner, nothing really helpful is printed: Starting MailScanner... In Debugging mode, not forking... debug: Score set 0 chosen. debug: running in taint mode? no SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock debug: ignore: test message to precompile patterns and load modules debug: using "/usr/share/spamassassin" for default rules dir debug: using "/etc/mail/spamassassin" for site rules dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: bayes: 7940 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 7940 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 7940 untie-ing debug: bayes: 7940 untie-ing db_toks debug: bayes: 7940 untie-ing db_seen debug: Score set 1 chosen. 
debug: Initialising learner debug: bayes: 7940 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 7940 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 7940 untie-ing debug: bayes: 7940 untie-ing db_toks debug: bayes: 7940 untie-ing db_seen debug: is Net::DNS::Resolver available? yes debug: trying (3) w3.org... debug: looking up MX for 'w3.org' debug: MX for 'w3.org' exists? 1 debug: MX lookup of w3.org succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=1.27 debug: Razor2 is not available debug: running raw-body-text per-line regexp tests; score so far=1.27 debug: running uri tests; score so far=1.27 debug: uri tests: Done uriRE debug: running full-text regexp tests; score so far=1.27 debug: Razor2 is not available debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Current PATH is: /sbin:/bin:/usr/sbin:/usr/bin debug: Pyzor is not available: pyzor not found debug: all '*To' addrs: debug: RBL: success for 1 of 1 queries debug: running meta tests; score so far=1.27 debug: is spam? 
score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME debug: bayes: 7942 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 7942 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 7942 untie-ing debug: bayes: 7942 untie-ing db_toks debug: bayes: 7942 untie-ing db_seen debug: received-header: parsed as [ ip=xxx rdns=xxx helo=xxxx by=xxxx ident= ] debug: received-header: 'by' xxx has public IP xxx debug: received-header: relay xxxx trusted? no debug: is Net::DNS::Resolver available? yes debug: all '*From' addrs: xxxxx debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=0 debug: Razor2 is not available debug: running raw-body-text per-line regexp tests; score so far=3.527 debug: running uri tests; score so far=3.527 debug: uri tests: Done uriRE debug: running full-text regexp tests; score so far=3.527 debug: Razor2 is not available debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Pyzor is not available: pyzor not found debug: all '*To' addrs: xxx debug: forged-HELO: from=xx helo=xxx by=xxx debug: DNS MX records found: 2 debug: RBL: success for 8 of 8 queries debug: running meta tests; score so far=3.527 debug: auto-learn? ham=0.1, spam=12, body-hits=3.527, head-hits=0 debug: auto-learn: currently using scoreset 1. no need to recompute. debug: auto-learn? no: inside auto-learn thresholds debug: is spam? score=3.527 required=5 tests=TRACKER_ID I've read through MAQs and FAQs and the Archive, but nothing could help me... I'm I too stupid? Thanks for your help! Patrick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ssilva at SGVWATER.COM Wed Sep 1 23:17:29 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:26:45 2006 Subject: attach DENY FIRST Message-ID: Leif Neland wrote: > Dennis Robert Kelbert wrote: > >>Hello everybody... >> >>What i need to do , if I want to block all possible attachments(like >>\.*), and then making rules for accept the attachments that i really >>need..? > > > Your logic should be reversed. > If you first block all, then you cant afterward allow any > > First allow the ones you want, then block all the rest > > That is, when a rule is matched, the rest is not looked at. > > Leif Sort of like this logic; rule 1 -- shoot all lawyers. --bang bang rule 2 don't shoot honest ones -- oops too late I already shot them. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From chris at scorpion.nl Wed Sep 1 23:24:31 2004 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:26:45 2006 Subject: Mailscanner restarting all the time... Message-ID: > If I set 'Virus Scanning = yes' and 'Virus Scanners = none' > and 'Spam Checks > = no' the problem arrives. How about "Virus Scanning = yes" and "Virus Scanners = f-prot" ? Some defunct MailScanner(s) is normal (at least, I see the same on 'normal' running systems). You should see up to "Max Children = 2" running MailScanner childs. bye, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Wed Sep 1 23:39:04 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:45 2006 Subject: blacklist per users Message-ID: Alex Laslavic wrote: >># Spam Blacklist: >># Make this point to a ruleset, and anything in that ruleset whose value >># is "yes" will *always* be marked as spam. >># This can also be the filename of a ruleset. >>Is Definitely Spam = %rules-dir%/spam.blacklist.rules >>-------------------------------------- >> >> >>cat \etc/MailScanner/rules/example.blacklist.rules >>To: example.com /etc/MailScanner/rules/example.blacklist.rules >> > I would be interested to know if you can use a separate file like that > though.... Nested rules don't work as far as I know. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From svigano at BOOTHCREEK.COM Thu Sep 2 01:07:19 2004 From: svigano at BOOTHCREEK.COM (Steffan Vigano) Date: Thu Jan 12 21:26:45 2006 Subject: .esp files and script blocking Message-ID: FYI - I found a way around this.... Utilizing the "Allow .exe (or other extension) from a single email address" post in the MS FAQ-O-Matic. Not sure this link will last the test of time, but here it is: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/209.html Thanks for the help. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From maillists at CONACTIVE.COM Thu Sep 2 01:50:57 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:45 2006 Subject: Error Running sa-learn --rebuild Message-ID: Felipe Tonioli wrote on Wed, 1 Sep 2004 14:23:44 -0300: > Trying to upgrade spamassassin to v3.0.0 i've tried to rebuild sa-learn > before upgare and got de error below > Felipe, you should address this to the sa-user mailing-list. I suppose, you need to update one of your Perl modules. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From maillists at CONACTIVE.COM Thu Sep 2 01:50:57 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:45 2006 Subject: Mailscanner restarting all the time... Message-ID: Patrick Vogt wrote on Wed, 1 Sep 2004 23:08:16 +0100: > I can start mailscanner, no problems. But when the first mail arrives: > MailScanner[7081]: MCP Checks: Starting > MailScanner[7081]: Spam Checks: Starting > and so on... which looks like the virusscanner has a problem because it's next. > If I set 'Virus Scanning = no', all messages are delivered w/o any problems > and no restarting is seen (So, sendmail should be ok) which looks like the virusscanner has a problem, again. > > If I set 'Virus Scanning = yes' and 'Virus Scanners = none' I don't know what is supposed to happen when scanning but no virusscanner is set. > With this setting, the problem must be just Mailscanner (f-prot and > SpamAssasin are disabled, or not?). I think it's your f-prot. Either f-prot itself, the wrapper or the way you configured it in MailScanner. 
Sorry, I don't use f-prot, so I can't say more. > > If I start with > 'debug = yes' which looks like SA doesn't have a problem, no virusscanner to be seen. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mbullock at TROIKANETWORKS.COM Thu Sep 2 02:01:00 2004 From: mbullock at TROIKANETWORKS.COM (Matt Bullock) Date: Thu Jan 12 21:26:45 2006 Subject: Whitelist problem Message-ID: Hey all, Sorry if this has been covered before, but I have a question regarding whitelisting. Email generated by the server (virus alerts etc) are sent to my email address, but some of them get marked as spam. I want to be able to whitelist everything coming from the server, but if an email is sent with a spoofed address of 127.0.0.1 it will automatically be whitelisted. Is there a way around this? Regards, Matt Bullock Network Administrator Troika Networks, Inc. 805.367.2728 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Mathias.Koerber at LIGHTSPEED.COM.SG Thu Sep 2 05:56:49 2004 From: Mathias.Koerber at LIGHTSPEED.COM.SG (Mathias Koerber) Date: Thu Jan 12 21:26:45 2006 Subject: Message-ID matching Message-ID: Hi MailScanner gurus, I am getting very frustrated by the many bounce-messages we receive which are in response to some virus elsewhere using our email addresses in the From: headers. 
Is there a way (in MailScanner) to a) have MailScanner record the message-id of all outgoing emails passing though it b) matching certain incoming emails, such as bounces against that list and acting differently according to whether the original mail was known or not formail -D does have a facility to record message-IDs, but I believe calling formail on every outgoing email may be quite heavy, and we are still lacking a facility to check the database on incoming emails. Also, some tool will be required to clean out the database regularly, unless like in formail the database can be of limited size and old records get lost when the database fills up. Has anyone implemented such a facility in Mailscanner yet? Any hints where I should start looking if I wanted to try this myself (ie, where are the hooks etc) -- Mathias Körber mathias@lightspeed.com.sg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From itdept at FRACTALWEB.COM Thu Sep 2 06:37:35 2004 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:26:45 2006 Subject: Whitelist problem Message-ID: Matt Bullock wrote: >Hey all, > >Sorry if this has been covered before, but I have a question regarding >whitelisting. Email generated by the server (virus alerts etc) are sent >to my email address, but some of them get marked as spam. I want to be >able to whitelist everything coming from the server, but if an email is >sent with a spoofed address of 127.0.0.1 it will automatically be >whitelisted. Is there a way around this? > > Hi Matt, Is it even possible for an external email to be spoofed to 127.0.0.1? I don't think sendmail would allow that...or am I mistaken? We do have 127.0.0.1 whitelisted on our server. 
Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From kevins at BMRB.CO.UK Thu Sep 2 07:56:03 2004 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:26:45 2006 Subject: Mailscanner restarting all the time... Message-ID: On Thu, 2004-09-02 at 01:50, Kai Schaetzl wrote: > which looks like the virusscanner has a problem because it's next. > > > If I set 'Virus Scanning = no', all messages are delivered w/o any problems > > and no restarting is seen (So, sendmail should be ok) > > which looks like the virusscanner has a problem, again. I doubt its the command line scanner as thats all wrapped up and shouldn't be able to stop the show. Maybe its one of the perl modules causing the problem. How did you install? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From mailscanner at BARENDSE.TO Thu Sep 2 08:03:43 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:45 2006
Subject: Force local delivery?
Message-ID:

> Remco Barendse wrote:
>> Hi!
>>
>> I am using MailScanner in front of exchange and am using the mailertable
>> feature to forward all mail to the local ip of the exchange server.
>>
>> Is there any way to prevent some addresses from being delivered by
>> mailertable rules?
>>
>> We have several mail addresses that are not in use anymore but still get
>> loads of spam. Instead of wasting cpu cycles on that i would rather have
>> mail for such addresses delivered to my local spam learning account :)
>>
>> I'm aware of the setups that are used to make sure only mail for valid
>> mailboxes is delivered but was wondering if there would be an easy way. I
>> don't want all the administrative hassle of such a setup and don't care
>> about invalid addresses. I just want the spam :)
>>
>> In .forward you can put a line like \localaccount maybe such a thing is
>> possible in MS?
>
> Search for "ldap" in the MAQ page.

That would do exactly what I don't want, deliver the mail only for valid addresses and drop/deny/reject the rest.

It's exactly this rest that I want and I want it in my spam box :)

But thanks for the tip.

From mailscanner at ecs.soton.ac.uk Thu Sep 2 08:38:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: 4.33.3: more defaults to change
Message-ID:

At 20:15 01/09/2004, you wrote:
>Change BitDefender to supported in Minimum Code Status =

It already is...
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 08:40:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: Mailscanner restarting all the time...
Message-ID:

At 23:08 01/09/2004, you wrote:
>MailScanner[7107]: MailScanner E-Mail Virus Scanner version 4.33.1 starting...

4.33.1 was a beta version, with a bug that caused this. Once I have published a stable version don't use any of the preceding betas. I published the stable release on Tuesday morning.

Betas may contain bugs, that's why they exist :-)

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 08:42:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: MCP Whitelist
Message-ID:

At 19:07 01/09/2004, you wrote:
>Is there a way to get the MCP checker to check a whitelist? Because
>my whitelist in /opt/MailScanner/etc/rules/ only seems to be working
>for SpamAssassin. Thanks.

Have a look at the "Is Definitely Not Spam" and "Is Definitely Not MCP" settings, and compare them.
You will see how the ruleset is implemented, so then you can do the same for the MCP setting.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 08:43:16 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: blacklist per users
Message-ID:

At 19:25 01/09/2004, you wrote:
>Hi.. I can make a blacklist for different users/domains? Like so..

There is per-user and per-domain white and black listing code in CustomConfig.pm. Just read the comments in that file and you will quickly find how to enable it.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 08:45:42 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: Whitelist problem
Message-ID:

At 02:01 02/09/2004, you wrote:
>Hey all,
>
>Sorry if this has been covered before, but I have a question regarding
>whitelisting. Email generated by the server (virus alerts etc) are sent
>to my email address, but some of them get marked as spam.
>I want to be able to whitelist everything coming from the server, but if an email is
>sent with a spoofed address of 127.0.0.1 it will automatically be
>whitelisted. Is there a way around this?

Don't whitelist localhost, whitelist the IP 127.0.0.1. Unless they are spoofing the IP address at the client end of the TCP connection they can't change this value. If they are up to spoofing IP addresses on TCP connections (which is hard), then you have bigger problems than just a few mail messages :-(

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Thu Sep 2 09:39:59 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:26:45 2006
Subject: SpamAssassin timed out and was killed
Message-ID:

Thanks a lot Martin, I'll do it and I'll tell you.

-----Original Message-----
From: Martin Hepworth [mailto:martinh@solid-state-logic.com]
Sent: Wednesday, 01 September 2004 14:08
To: ricardo.canavate@nozar.es
CC: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] SpamAssassin timed out and was killed

Ricardo

use the settings below in the file to turn off all but the SBL list..

Do *not* use blacklists and bigevil.cf, these are huge and increase memory use massively.
*Do* use spamcop-uri

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Ricardo Luis Cañavate wrote:
> Martin,
> did you recommend me, turn off RBL's use this information in my
> spam.assassin.prefs.conf
>
>>score HABEAS_SWE 0.0
>>
>># don't do all the RBL's just orb and spamhause XBL - above
>>score RCVD_IN_NJABL 0.0
>>score RCVD_IN_NJABL_DIALUP 0.0
>>score RCVD_IN_NJABL_MULTI 0.0
>>score RCVD_IN_NJABL_PROXY 0.0
>>score RCVD_IN_NJABL_RELAY 0.0
>>score RCVD_IN_NJABL_SPAM 0.0
>>score RCVD_IN_DYNABLOCK 0.0
>>score RCVD_IN_OPM 0.0
>>score RCVD_IN_OPM_WINGATE 0.0
>>score RCVD_IN_OPM_SOCKS 0.0
>>score RCVD_IN_OPM_HTTP 0.0
>>score RCVD_IN_OPM_ROUTER 0.0
>>score RCVD_IN_SORBS_BLOCK 0.0
>>score RCVD_IN_DSBL 0.0
>>score RCVD_IN_RFCI 0.0
>>score DNS_FROM_RFCI_DSN 0.0
>>#score RCVD_IN_SBL 0.0
>>score HABEAS_VIOLATOR 0.0
>>score RCVD_IN_BSP_TRUSTED 0.0
>>score RCVD_IN_BSP_OTHER 0.0
>>#######################################################################
>
> and use sa-blacklist's and bigevil.cf?
>
> and use spamcop-uri?
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> behalf of Martin Hepworth
> Sent: Tuesday, 31 August 2004 14:41
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SpamAssassin timed out and was killed
> Importance: High
>
> Ricardo
>
> normally timeouts are a result of the RBL's not getting their
> information quickly enough.
>
> I turn most of them off by giving them a zero score in my
> spam.assassin.prefs.conf (see a post last week from me on this).
>
> BUT if you are using bigevil.cf and the sa-blacklist's you'll be
> increasing the processing required by a huge amount as they are massive
> files. You'd be better off using the www.sorbl.org alternatives via the
> spamcop-uri plug-in.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Ricardo Luis Cañavate wrote:
>
>>First sorry for my English and thanks in advance.
>>
>>Hi Friends,
>>Lately, I try to optimize my MailScanner setting up some rules for
>>spamassassin downloading from
>>http://wiki.apache.org/spamassassin/CustomRulesets and copying them into
>>/etc/mail/spamassassin/, first the system works well, fine, fantastic!!
>>stop all the spam, but .. after 24 hours of good work, more or less,
>>mailscanner doesn't process the messages of the inbound queue and the
>>logging shows some messages like these:
>>
>>servnozar MailScanner[15301]: SpamAssassin timed out and was killed,
>>consecutive failure 5 of 20
>>servnozar MailScanner[15301]: RBL Check ORDB-RBL timed out and was
>>killed, consecutive failure 1 of 7
>>
>>I'm try to set up little value in "Max SpamAssassin Size" to try to load
>>the less possible and more time out for spamassassin in
>>MailScanner.conf, but doesn't work.
>>
>>Thanks for all your support.
>>
>>*Ricardo Luis Cañavate García*
>>IT Department
>>*NOZAR*/ Grupo Inmobiliario/
>>Tel: 91 758 96 30 | Fax: 91 559 83 39
>>*www.nozar.es*
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> =========================================================================
> You are receiving this message because your e-mail address is listed in
> our database due to previous communications with us,
> so we have assumed that we have your permission to send you professional
> information. However, if you do not wish to continue to receive such
> information then please let us know.
> This message is intended exclusively for its addressee and may contain
> information that is CONFIDENTIAL and protected by professional privilege.
> If you are not the intended recipient you are hereby notified that any
> dissemination, copy or disclosure of this communication is strictly
> prohibited by law. If this message has been received in error, please
> immediately notify us via e-mail and delete it.
> =======================================================================

From jovi_2 at YAHOO.COM Thu Sep 2 10:03:21 2004
From: jovi_2 at YAHOO.COM (Sathes Nair)
Date: Thu Jan 12 21:26:45 2006
Subject: log
Message-ID:

Hi there, I have been running mailscanner-4.29.7 on solaris 8 sparc with perl 5.8.3 together with sendmail 8.12.10.

Lately I have noticed this strange log :-

[10076]: Spam Checks: Starting
Sep 2 16:09:14 explorer@rubesg.com MailScanner[10076]: Virus and Content Scanning: Starting
Sep 2 16:09:17 explorer@rubesg.com MailScanner[10076]: Uninfected: Delivered 1 messages
Sep 2 16:09:17 explorer@rubesg.com MailScanner[10076]: MailScanner child dying of old age
Sep 2 16:09:17 explorer@rubesg.com MailScanner[11149]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Sep 2 16:09:18 explorer@rubesg.com MailScanner[11149]: Using Custom Function file /opt/MailScanner/lib/MailScanner/CustomFunctions/MyExample.pm
Sep 2 16:09:21 explorer@rubesg.com MailScanner[11149]: Using locktype = flock
Sep 2 16:09:27 explorer sendmail[11148]: [ID 801593 mail.crit] i8289B8i011135: SYSERR(root): header syntax error, line "X-Makmal Consulting-MailScanner-Information: Please contact the ISP for more information"

I have noticed that it says "Mailscanner child dying of old age"
Can anyone pls tell me what it means.
Many thanks in advance

..sathes

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 2 10:04:44 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:45 2006
Subject: Whitelist problem
Message-ID:

MailScanner mailing list wrote:
> Hey all,
>
> Sorry if this has been covered before, but I have a question
> regarding whitelisting. Email generated by the server (virus
> alerts etc) are sent to my email address, but some of them
> get marked as spam. I want to be able to whitelist
> everything coming from the server, but if an email is sent
> with a spoofed address of 127.0.0.1 it will automatically be
> whitelisted. Is there a way around this?

We whitelist the server hostname for mail sent from root@ and postmaster@ instead of the IP, which works quite well

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 10:13:40 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:45 2006
Subject: log
Message-ID:

Sathes

This is normal. MailScanner main process starts several child processes (as defined by "Max Children" in MailScanner.conf) who only live for a defined time ("Restart Every" in same file).
After this time they 'die of old age' so any memory leaks etc are less of an issue, and a new child process is started.

Hope this explains it....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Sathes Nair wrote:
> Hi there, I have been running mailscanner-4.29.7 on
> solaris 8 sparc with perl 5.8.3 together with sendmail
> 8.12.10.
>
> Lately I have noticed this strange log :-
>
> [10076]: Spam Checks: Starting
> Sep 2 16:09:14 explorer@rubesg.com
> MailScanner[10076]: Virus and Content Scanning:
> Starting
> Sep 2 16:09:17 explorer@rubesg.com
> MailScanner[10076]: Uninfected: Delivered 1 messages
> Sep 2 16:09:17 explorer@rubesg.com
> MailScanner[10076]: MailScanner child dying of old age
> Sep 2 16:09:17 explorer@rubesg.com
> MailScanner[11149]: MailScanner E-Mail Virus Scanner
> version 4.29.7 starting...
> Sep 2 16:09:18 explorer@rubesg.com
> MailScanner[11149]: Using Custom Function file
> /opt/MailScanner/lib/MailScanner/CustomFunc
> tions/MyExample.pm
> Sep 2 16:09:21 explorer@rubesg.com
> MailScanner[11149]: Using locktype = flock
> Sep 2 16:09:27 explorer sendmail[11148]: [ID 801593
> mail.crit] i8289B8i011135: SYSERR(root): header syntax
> error, line "X-Mak
> mal Consulting-MailScanner-Information: Please contact
> the ISP for more information"
>
> I have noticed that it says "Mailscanner child dying of
> old age"
> Can anyone pls tell me what it means.
> Many thanks in advance
>
> ..sathes

From mailscanner at ecs.soton.ac.uk Thu Sep 2 10:18:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: log
Message-ID:

What is your "Restart Every" setting set to? After that number of seconds, the child process will be killed off and restarted. This handles any memory leaks or other resource leaks in the child processes (or in Perl itself).

At 10:03 02/09/2004, you wrote:
>Hi there, I have been running mailscanner-4.29.7 on
>solaris 8 sparc with perl 5.8.3 together with sendmail
>8.12.10.
>
>Lately I have noticed this strange log :-
>
>[10076]: Spam Checks: Starting
>Sep 2 16:09:14 explorer@rubesg.com
>MailScanner[10076]: Virus and Content Scanning:
>Starting
>Sep 2 16:09:17 explorer@rubesg.com
>MailScanner[10076]: Uninfected: Delivered 1 messages
>Sep 2 16:09:17 explorer@rubesg.com
>MailScanner[10076]: MailScanner child dying of old age
>Sep 2 16:09:17 explorer@rubesg.com
>MailScanner[11149]: MailScanner E-Mail Virus Scanner
>version 4.29.7 starting...
>Sep 2 16:09:18 explorer@rubesg.com
>MailScanner[11149]: Using Custom Function file
>/opt/MailScanner/lib/MailScanner/CustomFunc
>tions/MyExample.pm
>Sep 2 16:09:21 explorer@rubesg.com
>MailScanner[11149]: Using locktype = flock
>Sep 2 16:09:27 explorer sendmail[11148]: [ID 801593
>mail.crit] i8289B8i011135: SYSERR(root): header syntax
>error, line "X-Mak
>mal Consulting-MailScanner-Information: Please contact
>the ISP for more information"
>
>I have noticed that it says "Mailscanner child dying of
>old age"
>Can anyone pls tell me what it means.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 10:27:58 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: log
Message-ID:

>>
>>Sep 2 16:09:27 explorer sendmail[11148]: [ID 801593
>>mail.crit] i8289B8i011135: SYSERR(root): header syntax
>>error, line "X-Mak
>>mal Consulting-MailScanner-Information: Please contact
>>the ISP for more information"

Also, you have at least 1 space in your definition of %yoursite%. The comments in the MailScanner.conf file make it very clear that this value cannot contain any spaces.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rvitoria at CI.UCP.PT Thu Sep 2 10:31:19 2004
From: rvitoria at CI.UCP.PT (Rui Vitoria)
Date: Thu Jan 12 21:26:45 2006
Subject: mailscanner defunct
Message-ID:

Hi

Can anyone help me, after I install the last version of mailscanner 4-33.1 I receive this error:

6685 ? S 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf
6686 ? Z 0:01 [MailScanner ]
6694 ? Z 0:01 [MailScanner ]
6701 ? Z 0:01 [MailScanner ]

From marcin.rozek at IOS.EDU.PL Thu Sep 2 11:27:44 2004
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:26:45 2006
Subject: X-Mozilla-Status
Message-ID:

Any chance for this?

Regards,
Marcin

> Unfortunately, some spammers put these two headers into spam:
> X-Mozilla-Status:
> X-Mozilla-Status2:
> Because of this, my mail program (Thunderbird) shows new mail as already
> read
> which is undesirable. Can mailscanner remove those two headers from all
> processed e-mails?

From Peter.Bates at LSHTM.AC.UK Thu Sep 2 11:34:07 2004
From: Peter.Bates at LSHTM.AC.UK (Peter Bates)
Date: Thu Jan 12 21:26:45 2006
Subject: Razor (and possibly Postfix) problems...
Message-ID:

Hello there...
I've had a glimpse at the Faq-o-matic and friends, but still seem a bit confused on this issue...

I'm running MS (4.32.5) with SA 2.64, DCC and Razor.

However, I've tried upgrading to Razor(agents) 2.61, and I'm still getting timeouts and considering disabling it altogether...

MS/SA all run as 'postfix' user (as I'm running postfix), and I have:

razor_timeout 5
razor_config /var/spool/postfix/.razor/razor-agent.conf

in my spam.assassin.prefs.conf

I have

razorhome=/var/spool/postfix/.razor

in /var/spool/postfix/.razor/razor-agent.conf

but I'm getting the impression that the 'discovery list' and things aren't being updated, so I'm just trying to connect to dead hosts and hence timing out...

Anyone know some good Razor debugging tips, or anyone out there particularly running Razor with SA as an 'unusual' user?

Thanks...

Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838

From dh at UPTIME.AT Thu Sep 2 11:52:39 2004
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:26:45 2006
Subject: [BUG?] Turning off whitelisting with spamassassin 3.0-rc2 from mailscanner broken?
Message-ID:

Hello

I am running

Running on
Linux mail 2.4.24-grsec #2 Thu Jan 15 12:42:49 CET 2004 i686 i686 i386 GNU/Linux
This is Red Hat Linux release 8.0 (uptime Edition)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.33.2
Module versions are:
1.00 AnyDBM_File
1.12 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.13 File::Temp
1.27 HTML::Entities
3.35 HTML::Parser
2.28 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
3.00 MIME::Base64
5.403 MIME::Decoder
5.403 MIME::Decoder::UU
5.403 MIME::Head
5.406 MIME::Parser
5.411 MIME::Tools
0.09 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
3.000000 Mail::SpamAssassin
0.30 Net::LDAP
0.15 SAVI
missing Mail::ClamAV
0.45 Net::DNS

as well as

SpamAssassin version 3.0.0-rc2
with
perl -V
Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration

When I set:
use_auto_whitelist 0 in spam.assassin.prefs.conf whitelisting is turned off. No scoring shows and the typical whitelist files are not created.

When I set:
SpamAssassin Auto Whitelist = no in MailScanner.conf but DO NOT add the entry in spam.assassin.prefs.conf whitelisting is turned on. This shows in score adjustments due to AWL as well as the creation of the typical whitelist file.

Thanks

-d
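A quick consistency check for the two settings named in the report above, as an added example (not code from MailScanner or SpamAssassin): it reads the "SpamAssassin Auto Whitelist" line from MailScanner.conf and lists every active use_auto_whitelist line in a set of SpamAssassin configuration files. The sample file contents are constructed, and treating the last occurrence in the order given as the effective SpamAssassin value is an assumption of this sketch.

```python
"""Compare MailScanner's AWL switch with SpamAssassin's use_auto_whitelist lines."""
import re

# Constructed sample inputs (not taken from the report).
SAMPLE_MAILSCANNER_CONF = """\
# MailScanner.conf (constructed excerpt)
Use SpamAssassin = yes
SpamAssassin Auto Whitelist = no
"""

# (file name, contents) pairs, in the order the caller assumes they are read.
SAMPLE_SA_FILES = [
    ("local.cf", "# site settings\nrequired_hits 5\nuse_auto_whitelist 1\n"),
    ("spam.assassin.prefs.conf", "score RCVD_IN_SBL 1.0\n# use_auto_whitelist 0\n"),
]

# Loose, case-insensitive match on the MailScanner keyword is a choice of this sketch.
MS_KEY = re.compile(r"^\s*SpamAssassin\s+Auto\s+Whitelist\s*=\s*(\S+)", re.I)
SA_KEY = re.compile(r"^\s*use_auto_whitelist\s+(\S+)")


def strip_comment(line):
    """Drop everything from the first '#' on, so commented-out settings are ignored."""
    return line.split("#", 1)[0].rstrip()


def to_bool(value):
    """Map yes/no style values to True/False; anything else (e.g. a ruleset path) is None."""
    v = value.strip().lower()
    if v in ("1", "yes", "true", "on"):
        return True
    if v in ("0", "no", "false", "off"):
        return False
    return None


def mailscanner_awl(conf_text):
    """Return (line_no, value) for the last 'SpamAssassin Auto Whitelist' line, or None."""
    found = None
    for n, raw in enumerate(conf_text.splitlines(), 1):
        m = MS_KEY.match(strip_comment(raw))
        if m:
            found = (n, to_bool(m.group(1)))
    return found


def sa_awl_settings(files):
    """Return [(file, line_no, value)] for every active use_auto_whitelist line."""
    hits = []
    for name, text in files:
        for n, raw in enumerate(text.splitlines(), 1):
            m = SA_KEY.match(strip_comment(raw))
            if m:
                hits.append((name, n, to_bool(m.group(1))))
    return hits


def check(conf_text, files):
    """Report both settings and whether any SpamAssassin line disagrees with MailScanner."""
    ms = mailscanner_awl(conf_text)
    hits = sa_awl_settings(files)
    ms_value = ms[1] if ms else None
    conflict = ms_value is not None and any(
        v is not None and v != ms_value for _, _, v in hits
    )
    return {
        "mailscanner": ms_value,
        "sa_hits": hits,
        # Assumption: the last active line in the given order wins.
        "sa_effective": hits[-1][2] if hits else None,
        "conflict": conflict,
    }


if __name__ == "__main__":
    report = check(SAMPLE_MAILSCANNER_CONF, SAMPLE_SA_FILES)
    print("MailScanner.conf AWL:", report["mailscanner"])
    for name, line_no, value in report["sa_hits"]:
        print("  %s:%d use_auto_whitelist -> %s" % (name, line_no, value))
    print("conflict:", report["conflict"])
```

On a real system the file contents would be read from disk and passed in the same shape; the order of the list is whatever order the administrator believes the files are loaded in.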
From David.While at UCE.AC.UK Thu Sep 2 12:00:47 2004
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:26:45 2006
Subject: FW: New beta release of Vispan
Message-ID:

I have just released a beta version of Vispan. This version no longer uses MRTG but instead uses the GD graphics library. It provides historical stats over 10 minutes, hourly, monthly and yearly.

It can be downloaded as usual from http://www.while.homeunix.net/mailstats/

--------------------------------------------
David While BSc CEng MBCS CITP
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211
--------------------------------------------

From mailscanner at ecs.soton.ac.uk Thu Sep 2 12:15:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: [BUG?] Turning off whitelisting with spamassassin 3.0-rc2 from mailscanner broken?
Message-ID:

At 11:52 02/09/2004, you wrote:
>SpamAssassin version 3.0.0-rc2
>with
>perl -V
>Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration
>
>When I set:
>use_auto_whitelist 0 in spam.assassin.prefs.conf whitelisting is
>turned off. No scoring shows and the typical whitelist files are not
>created.
>
>When I set:
>SpamAssassin Auto Whitelist = no in MailScanner.conf but DO NOT add the
>entry in spam.assassin.prefs.conf whitelisting is turned on. This shows
>in score adjustments due to AWL as well as the creation of the typical
>whitelist file.

I really can't find this one at the moment. My code definitely sets the right option.
Are you sure you don't already have a "use_auto_whitelist 1" in your spam.assassin.prefs.conf or any other SA configuration files anywhere? That's about the only thing I can think of.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Thu Sep 2 13:21:23 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:45 2006
Subject: clamav rpm update doesn't work
Message-ID:

I just switched from the clam tarball to the clamav rpm from the dag wieers repository (because the virus filtering web proxy gave me problems with the tarball version).

I noticed however that MailScanner seems to be working fine with clam rpm version only the update doesn't work :
Sep 2 14:08:29 xxx ClamAV-autoupdate[31244]: ClamAV updater /usr/local/bin/freshclam cannot be run

Apparently when using the rpm version of clam the freshclam script is located here:
/usr/bin/freshclam

Can we get the clamav update script to look for both locations?

Thanks!!

From mailscanner at ecs.soton.ac.uk Thu Sep 2 13:48:25 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: clamav rpm update doesn't work
Message-ID:

At 13:21 02/09/2004, you wrote:
>I just switched from the clam tarball to the clamav rpm from the dag
>wieers repository (because the virus filtering web proxy gave me problems
>with the tarball version).
>
>I noticed however that MailScanner seems to be working fine with clam rpm
>version only the update doesn't work :
>Sep 2 14:08:29 xxx ClamAV-autoupdate[31244]: ClamAV updater
>/usr/local/bin/freshclam cannot be run
>
>Apparently when using the rpm version of clam the freshclam script is
>located here:
>/usr/bin/freshclam
>
>Can we get the clamav update script to look for both locations?

The location of your clam installation needs to be set in virus.scanners.conf. There is little point in making the update script check both locations if the scanner itself can't be found by MailScanner.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From el.baby at gmail.com Thu Sep 2 13:49:34 2004
From: el.baby at gmail.com (Mariano Absatz)
Date: Thu Jan 12 21:26:45 2006
Subject: 4.33.3: more defaults to change
Message-ID:

On Wed, 1 Sep 2004 11:44:52 -0800, Kevin Miller wrote:
> Jeff A. Earickson wrote:
> > Well, I can clearly see the accent over the first "a", the tilde over
> > the second "a", and that little hangy-down squiggle under the "c" with
> > my ISO-8859-1 setup. So ISO-8859-1 must be doing something right.
> > I took three years of French and can't remember what that mark under
> > the "c" is called anymore.
> >
>
> I must be missing something. My MailScanner.conf is set to us-ascii, and I
> can also see the same accent characters. I copied the post to a text file
> and sent it to myself both in the body and as an attachment and both were
> visible. Interestingly, the charset in the mime boundary headers (or
> whatever they're called) said:
>
> --Message-Boundary-6059
> Content-type: text/plain; charset=ISO-8859-1
> Content-transfer-encoding: Quoted-printable
> Content-description: Mail message body
>
> --Message-Boundary-6059
> Content-type: text/plain; charset=ISO-8859-1
> Content-transfer-encoding: Quoted-printable
> Content-description: Text from file 'test.txt'
>
> --Message-Boundary-6059--
>
> so it was picking up the iso-8859-1 charset anyway. Go figure. Is this
> something the mail client usually sets, or the MTA, or what? I can
> experiment further but I'm not sure where I ought to be looking to make
> changes. As nearly as I can tell here it's all a wash. The mail flow looks
> like this:
>
> Outlook <---> Exchange 5.5 <---> MailScanner/Sendmail <---> Internet
>

The Content-Type: header is a MIME thing. MIME is a MUA 'protocol' (as well as RFC822 is). That is, it is usually set and understood by the MUA, in your case, Outlook.

The settings in MailScanner are related to messages generated WITHIN MailScanner, e.g. a bounce, a message telling you you received a virus, etc. In those cases MailScanner is acting as a kind of automatic MUA... supposedly, a 'pure' smtp MTA should not modify the content or the headers of a message (with minor exceptions, like adding trace fields).

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From brad at BECKENHAUER.COM Thu Sep 2 13:49:59 2004
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:26:45 2006
Subject: clamav rpm update doesn't work
Message-ID:

I'd like to see MailScanner search both locations also.

As a fix: you can edit your etc/virus.scanners.conf and change the clamav line:

original line:
clamav /opt/MailScanner/lib/clamav-wrapper /usr/local

New line:
clamav /opt/MailScanner/lib/clamav-wrapper /usr

works like a charm. :-)

Brad

>>> Remco Barendse 9/2/2004 7:21:23 AM >>>
I just switched from the clam tarball to the clamav rpm from the dag wieers repository (because the virus filtering web proxy gave me problems with the tarball version).

I noticed however that MailScanner seems to be working fine with clam rpm version only the update doesn't work :
Sep 2 14:08:29 xxx ClamAV-autoupdate[31244]: ClamAV updater /usr/local/bin/freshclam cannot be run

Apparently when using the rpm version of clam the freshclam script is located here:
/usr/bin/freshclam

Can we get the clamav update script to look for both locations?

Thanks!!

From brad at BECKENHAUER.COM Thu Sep 2 13:56:46 2004
From: brad at BECKENHAUER.COM (Brad Beckenhauer)
Date: Thu Jan 12 21:26:45 2006
Subject: MailScanner install failed on a "tail"
Message-ID:

Hello,

I installed MailScanner-install-4.33.3 on a new machine this morning and got the below error from the install script.

A quick search/replace in the install.tar-fns.sh script " %s/tail -1/tail -n -1/g " and re-ran the install.sh.

Version of "tail" I'm running is: 5.2.1

Now to install MailScanner itself.

Installing MailScanner into /opt. If you do not want it there, just move it to where you want it and then edit MailScanner.conf and check_mailscanner to set the correct locations.
tail: `-1' option is obsolete; use `-n 1'
Try `tail --help' for more information.
./install.tar-fns.sh: line 74: $SOURCE: ambiguous redirect
tail: `-1' option is obsolete; use `-n 1'
Try `tail --help' for more information.
Have just installed version into /opt/MailScanner-.

Thanks,
Brad

From ugob at CAMO-ROUTE.COM Thu Sep 2 13:56:46 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:45 2006
Subject: Razor (and possibly Postfix) problems...
Message-ID:

Peter Bates wrote:
> Hello there...
>
> I've had a glimpse at the Faq-o-matic and friends, but still seem a bit
> confused on this issue...
>
> I'm running MS (4.32.5) with SA 2.64, DCC and Razor.
>
> However, I've tried upgrading to Razor(agents) 2.61, and I'm still
> getting timeouts and considering disabling it altogether...
>
> MS/SA all run as 'postfix' user (as I'm running postfix), and I have:
>
> razor_timeout 5
> razor_config /var/spool/postfix/.razor/razor-agent.conf
>
> in my spam.assassin.prefs.conf
>
> I have
>
> razorhome=/var/spool/postfix/.razor
>
> in /var/spool/postfix/.razor/razor-agent.conf
>
> but I'm getting the impression that the 'discovery list' and things
> aren't being updated, so I'm just trying to connect to dead hosts and
> hence timing out...

Are you running

#razor-admin -discover

In a cron job?

>
> Anyone know some good Razor debugging tips, or anyone out there
> particularly running Razor with SA as an 'unusual' user?
>
> Thanks...
>
>
>
> --------------------------------------------------------------------------------------------------->
> Peter Bates, Systems Support Officer, Network Support Team.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>

From ugob at CAMO-ROUTE.COM Thu Sep 2 13:57:12 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:45 2006
Subject: mailscanner defunct
Message-ID:

Rui Vitoria wrote:
> Hi
>
> Can anyone help me, after i install the last version of mailscanner 4-33.1
>
> i receive this error:
>
> 6685 ? S 0:00 /usr/bin/perl -
> I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.co
> nf
> 6686 ? Z 0:01 [MailScanner ]
> 6694 ?
Z 0:01 [MailScanner ]
> 6701 ? Z 0:01 [MailScanner ]

What is in your logs? In debug mode?

>

From ugob at CAMO-ROUTE.COM Thu Sep 2 13:59:30 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:45 2006
Subject: Whitelist problem
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:
> MailScanner mailing list wrote:
>
>>Hey all,
>>
>>Sorry if this has been covered before, but I have a question
>>regarding whitelisting. Email generated by the server (virus
>>alerts etc) are sent to my email address, but some of them
>>get marked as spam. I want to be able to whitelist
>>everything coming from the server, but if an email is sent
>>with a spoofed address of 127.0.0.1 it will automatically be
>>whitelisted. Is there a way around this?
>
>
> We whitelist the server hostname for mail sent from root@ and postmaster@
> instead of the IP which works quite well

And maybe you should add apache user if you're using MailWatch.

>
>
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>

From ugob at CAMO-ROUTE.COM Thu Sep 2 14:01:26 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:45 2006
Subject: Force local delivery?
Message-ID:

Remco Barendse wrote:
>> Remco Barendse wrote:
>>
>>> Hi!
>>>
>>> I am using MailScanner in front of exchange and am using the mailertable
>>> feature to forward all mail to the local ip of the exchange server.
>>>
>>> Is there any way to prevent some addresses from being delivered by
>>> mailertable rules?
>>>
>>> We have several mail addresses that are not in use anymore but still get
>>> loads of spam. Instead of wasting cpu cycles on that i would rather have
>>> mail for such addresses delivered to my local spam learning account :)
>>>
>>> I'm aware of the setups that are used to make sure only mail for valid
>>> mailboxes is delivered but was wondering if there would be an easy
>>> way. I
>>> don't want all the administrative hassle of such a setup and don't care
>>> about invalid addresses. I just want the spam :)
>>>
>>> In .forward you can put a line line \localaccount maybe such a thing is
>>> possible in MS?
>>
>>
>> Search for "ldap" in the MAQ page.
>
>
>
> That would do exactly what I don't want, deliver the mail only for valid
> addresses and drop/deny/reject the rest. It's exactly this rest that I
> want and I want it in my spam box :)

I don't understand why you would want spam, but maybe you could try with the blacklist...

>
> But thanks for the tip.
>

From campbell at cnpapers.com Thu Sep 2 14:13:50 2004
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

I have recently started seeing a lot of graphical porn coming through due to what appears to be SA timeouts. I can only assume something in these emails are forcing the timeouts. They all seem to have similar headers as below: This seems to be the only email that is getting the timeouts.

MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: base64
X-CN-MailServer2-MailScanner-Information: Please contact the ISP for more information
X-CN-MailServer2-MailScanner: Found to be clean
X-CN-MailServer2-MailScanner-SpamCheck: not spam, SpamAssassin (timed out)
X-MailScanner-From: dwyerju@sculptyourtiny.com
Status:

They seem to be incomplete as this is the way this ends.

The logs for this message indicate:

Sep 2 07:47:12 mailserver2 MailScanner[12305]: Content Checks: Detected and will disarm HTML message in i82BjnJn027100

I am running MS version 4.31.6-1 and SA 2.63-1

Is anyone else seeing this and does anyone have a clue?

Thanks

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From mailscanner at ecs.soton.ac.uk Thu Sep 2 14:34:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: MailScanner install failed on a "tail"
Message-ID:

However, not all "tail"s support "-n". Only very fussy builds of tail (e.g. on Gentoo apparently) don't support the "-1" syntax, everyone else does.

At 13:56 02/09/2004, you wrote:
>A quick search/replace in the install.tar-fns.sh script " %s/tail -
>1/tail -n -1/g "and re-ran the install.sh.
>
>Version of "tail" I'm running is: 5.2.1
>tail: `-1' option is obsolete; use `-n 1'

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 2 14:35:41 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: mailscanner defunct
Message-ID:

At 10:31 02/09/2004, you wrote:
>Hi
>
>Can anyone help me, after i install the last version of mailscanner 4-33.1

Don't run beta releases after I have done the stable release. This was a known problem with 4.33.1 and was fixed very rapidly in 4.33.2.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 14:39:21 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Steve

what's your SA config like - lots of RBL's???? what 'extra' rules are you running for SA?

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

Steve Campbell wrote:
> I have recently started seeing a lot of graphical porn coming through due
> to what appears to be SA timeouts. I can only assume something in these
> emails are forcing the timeouts. They all seem to have similar headers as
> below: This seems to be the only email that is getting the timeouts.
>
>
> MIME-Version: 1.0
> Content-Type: text/html
> Content-Transfer-Encoding: base64
> X-CN-MailServer2-MailScanner-Information: Please contact the ISP for more
> information
> X-CN-MailServer2-MailScanner: Found to be clean
> X-CN-MailServer2-MailScanner-SpamCheck: not spam, SpamAssassin (timed out)
> X-MailScanner-From: dwyerju@sculptyourtiny.com
> Status:
>
> They seem to be incomplete as this is the way this ends.
>
> The logs for this message indicate:
>
> Sep 2 07:47:12 mailserver2 MailScanner[12305]: Content Checks: Detected and
> will
> disarm HTML message in i82BjnJn027100
>
> I am running MS version 4.31.6-1 and SA 2.63-1
>
> Is anyone else seeing this and does anyone have a clue?
>
> Thanks
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
>

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From mailscanner at BARENDSE.TO Thu Sep 2 15:33:37 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:45 2006
Subject: clamav rpm update doesn't work
Message-ID:

On Thu, 2 Sep 2004, Julian Field wrote:

> At 13:21 02/09/2004, you wrote:
>> I just switched from the clam tarball to the clamav rpm from the dag
>> wieers repository (because the virus filtering web proxy gave me problems
>> with the tarball version).
>>
>> I noticed however that MailScanner seems to be working fine with clam rpm
>> version only the update doesn't work :
>> Sep 2 14:08:29 xxx ClamAV-autoupdate[31244]: ClamAV updater
>> /usr/local/bin/freshclam cannot be run
>>
>> Apparently when using the rpm version of clam the freshclam script is
>> located here:
>> /usr/bin/freshclam
>>
>> Can we get the clamav update script to look for both locations?
>
> The location of your clam installation needs to be set in
> virus.scanners.conf. There is little point in making the update script
> check both locations if the scanner itself can't be found by MailScanner.

That's what I checked at first but the wrapper script seems to work ok when I test it (with 'default' settings). It scans perfectly. I didn't try changing it because it might break scanning?

Thanks!!

From mailscanner at BARENDSE.TO Thu Sep 2 15:38:27 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:45 2006
Subject: Force local delivery?
Message-ID:

>>>> I am using MailScanner in front of exchange and am using the mailertable
>>>> feature to forward all mail to the local ip of the exchange server.
>>>>
>>>> Is there any way to prevent some addresses from being delivered by
>>>> mailertable rules?
>>>>
>>>> We have several mail addresses that are not in use anymore but still get
>>>> loads of spam. Instead of wasting cpu cycles on that i would rather have
>>>> mail for such addresses delivered to my local spam learning account :)
>>>>
>>>> I'm aware of the setups that are used to make sure only mail for valid
>>>> mailboxes is delivered but was wondering if there would be an easy
>>>> way. I
>>>> don't want all the administrative hassle of such a setup and don't care
>>>> about invalid addresses. I just want the spam :)
>>>>
>>>> In .forward you can put a line line \localaccount maybe such a thing is
>>>> possible in MS?
>>>
>>>
>>> Search for "ldap" in the MAQ page.
>>
>>
>>
>> That would do exactly what I don't want, deliver the mail only for valid
>> addresses and drop/deny/reject the rest. It's exactly this rest that I
>> want and I want it in my spam box :)
>
> I don't understand why you would want spam, but maybe you could try with
> the blacklist...

We have several non-existent mail addresses that are getting swamped with spam.
Now the exchange server is sending loads of rejects for them (which doesn't bother me). I was thinking of doing something useful with it and get MailScanner to deliver it to my local positive spam account to train the Bayesian database. The addresses were never in use therefore they only get 100% confirmed spam.

I could use the blacklist feature and forward the mail to a domain that is set to local delivery on the box but that would create extra mailheaders in the mail making it less useful for bayesian training i guess.

From Peter.Bates at LSHTM.AC.UK Thu Sep 2 16:06:59 2004
From: Peter.Bates at LSHTM.AC.UK (Peter Bates)
Date: Thu Jan 12 21:26:45 2006
Subject: Razor (and possibly Postfix) problems...
Message-ID:

Hello all..

> ugob@CAMO-ROUTE.COM 02/09/04 13:56:46 >>>
> but I'm getting the impression that the 'discovery list' and things
> aren't being updated, so I'm just trying to connect to dead hosts and
> hence timing out...

>Are you running
>#razor-admin -discover
>In a cron job?

Shortly after I posted I realized I should be doing this, and the problem is now fixed... thanks to all for the advice, and I probably should cron the above!

--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838

From marcel at PLUSINE.COM Thu Sep 2 16:08:04 2004
From: marcel at PLUSINE.COM (Marcel Burggraeve)
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Some time ago we've had the 'same kind' of problems. We started with some timeouts but the amount of timeouts kept growing and growing. After a while something like 75% of all spam got through due to timeouts. When we tried to do an expire on the bayes database we kept on getting the 'something fishy' notice. Finally we decided to delete all bayes_* files and rebuild them with sa-learn. After this our timeouts were all gone.

Best regards,
Marcel Burggraeve
Plusine

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: donderdag 2 september 2004 15:14
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Particular emails forcing SA timeouts
>
>
> I have recently started seeing a lot of graphical porn coming through due
> to what appears to be SA timeouts. I can only assume something in these
> emails are forcing the timeouts. They all seem to have similar headers as
> below: This seems to be the only email that is getting the timeouts.
>
>
> MIME-Version: 1.0
> Content-Type: text/html
> Content-Transfer-Encoding: base64
> X-CN-MailServer2-MailScanner-Information: Please contact the ISP for more
> information
> X-CN-MailServer2-MailScanner: Found to be clean
> X-CN-MailServer2-MailScanner-SpamCheck: not spam, SpamAssassin (timed out)
> X-MailScanner-From: dwyerju@sculptyourtiny.com
> Status:
>
> They seem to be incomplete as this is the way this ends.
>
> The logs for this message indicate:
>
> Sep 2 07:47:12 mailserver2 MailScanner[12305]: Content Checks:
> Detected and
> will
> disarm HTML message in i82BjnJn027100
>
> I am running MS version 4.31.6-1 and SA 2.63-1
>
> Is anyone else seeing this and does anyone have a clue?
>
> Thanks
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
>

From campbell at cnpapers.com Thu Sep 2 16:08:36 2004
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Thursday, September 02, 2004 9:39 AM
Subject: Re: Particular emails forcing SA timeouts

> Steve
>
> what's your SA config like - lots of RBL's???? what 'extra' rules are you
> running for SA?
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic Ltd
> tel: +44 (0)1865 842300
>
>

Mr. Hepworth,

I have a good bit of stuff in my SA config file. My blacklist is fairly long. But I'm not seeing timeouts in general. It consistently happens on these emails. They are all similar in content and I'm fairly certain they are from the same place (just using spoofed IPs and domain names). I fear that someone has figured a way to bypass SA through MS.

Thanks.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From matthew.richard at COCC.COM Thu Sep 2 16:32:47 2004
From: matthew.richard at COCC.COM (Richard, Matt)
Date: Thu Jan 12 21:26:45 2006
Subject: LHA buffer overflow in various applications
Message-ID:

LHA buffer overflow in various applications

I thought that this information may be of use to the list since most of the AV scanners and zip functions could be impacted.

1. LHA Multiple Vulnerabilities - Sept 2, 2004

Details:

LHA is an archiving and compression utility for LHarc format archives.

Lukasz Wojtow discovered a stack-based buffer overflow in all versions
of lha up to and including version 1.14. A carefully created archive
could allow an attacker to execute arbitrary code when a victim extracts
or tests the archive. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0769 to this issue.

Buffer overflows were discovered in the command line processing of all
versions of lha up to and including version 1.14. If a malicious user
could trick a victim into passing a specially crafted command line to
the lha command, it is possible that arbitrary code could be executed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0771 and CAN-2004-0694 to these issues.

Thomas Biege discovered a shell meta character command execution
vulnerability in all versions of lha up to and including 1.14. An
attacker could create a directory with shell meta characters in its name
which could lead to arbitrary command execution. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0745 to this issue.



From michael at dilworth.net Thu Sep 2 16:35:10 2004
From: michael at dilworth.net (Michael R. Dilworth (E-mail))
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

I've seen this too, the domains have screwy dns. Just increase the time out value.

Save the message and run it through sa with debug and you will see what I mean. In my case it took 50 seconds to complete the dns lookups.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Steve Campbell
Sent: Thursday, September 02, 2004 8:09 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Particular emails forcing SA timeouts

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Thursday, September 02, 2004 9:39 AM
Subject: Re: Particular emails forcing SA timeouts

> Steve
>
> what's your SA config like - lots of RBL's???? what 'extra' rules are you
> running for SA?
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic Ltd
> tel: +44 (0)1865 842300

Mr. Hepworth,

I have a good bit of stuff in my SA config file. My blacklist is fairly long.

But I'm not seeing timeouts in general. It consistently happens on these emails. They are all similar in content and I'm fairly certain they are from the same place (just using spoofed IPs and domain names).

I fear that someone has figured a way to bypass SA through MS.

Thanks.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From davidb at UNIQUEPHOTO.COM Thu Sep 2 16:40:32 2004
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:26:45 2006
Subject: good basic setup for mailscanner and spam assassin
Message-ID:

Just started using mail scanner, and spam assassin. What is a general good setup to start filtering spam.

right now here are my setting for

MailScanner.conf

Spam Checks = yes
Spam List = ORDB-RBL Infinite-Monkeys
Spam List Timeout = 10
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
Use SpamAssassin = yes
Max SpamAssassin Size = 50000
Required SpamAssassin Score = 7
SpamAssassin Auto Whitelist = no
SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf
SpamAssassin Timeout = 30
Check SpamAssassin If On Spam List = yes
Always Include SpamAssassin Report = no

spam.assassin.prefs.conf

skip_rbl_checks 1

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 16:47:26 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:45 2006
Subject: good basic setup for mailscanner and spam assassin
Message-ID:

Dave

leave the Spam List blank and add any into spam.assassin.prefs.conf, infinite monkeys has been dead for ages and SA is better for using RBL's than MS as it adds to the score rather than MS's way of completely blocking if it finds a match. I posted my RBL settings last week - look in the archives..

I'd setup bayes too, and install the spamcop-uri plugin from www.surbl.org.
after that's been playing nicely for a few days, have a look at the extra rules in www.rulesemporium.com for some nice add ins that are very good at catching stuff the default SA config misses.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

David Ballengee wrote:
> Just started using mail scanner, and spam assassin. What is a general good
> setup to start filtering spam.
>
> right now here are my setting for
>
> MailScanner.conf
>
> Spam Checks = yes
>
> Spam List = ORDB-RBL Infinite-Monkeys
>
> Spam List Timeout = 10
>
> Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
>
> Use SpamAssassin = yes
>
> Max SpamAssassin Size = 50000
>
> Required SpamAssassin Score = 7
>
> SpamAssassin Auto Whitelist = no
>
> SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf
>
> SpamAssassin Timeout = 30
>
> Check SpamAssassin If On Spam List = yes
>
> Always Include SpamAssassin Report = no
>
>
> spam.assassin.prefs.conf
>
> skip_rbl_checks 1

From mailscanner at ecs.soton.ac.uk Thu Sep 2 16:49:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: good basic setup for mailscanner and spam assassin
Message-ID:

At 16:40 02/09/2004, you wrote:
>Just started using mail scanner, and spam assassin. What is a general good
>setup to start filtering spam.
>
>right now here are my setting for
>
>MailScanner.conf
>
>Spam Checks = yes
>
>Spam List = ORDB-RBL Infinite-Monkeys

Infinite-Monkeys died a long time ago. Remove it or else all your mail will be marked as spam!

>Use SpamAssassin = yes
>
>Max SpamAssassin Size = 50000

You can get away with 30000 quite easily. Makes SA faster on big messages.

>SpamAssassin Timeout = 30

SA has a bunch of internal 30 second timeouts. So if you set this to 40, you will still get SA results when some internal test times out.

>Check SpamAssassin If On Spam List = yes

Only worth doing if you use the High-Scoring configuration options.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
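The replies in this thread, applied as a mechanical check to the settings David Ballengee posted. This is an added example, not part of any message and not MailScanner code; `parse_conf` and `audit` are hypothetical names, and the thresholds are the figures Martin Hepworth and Julian Field give.

```python
"""Audit spam-related MailScanner.conf settings against the advice in this thread."""

# The settings as posted in the thread.
SAMPLE_CONF = """\
Spam Checks = yes
Spam List = ORDB-RBL Infinite-Monkeys
Spam List Timeout = 10
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
Use SpamAssassin = yes
Max SpamAssassin Size = 50000
Required SpamAssassin Score = 7
SpamAssassin Auto Whitelist = no
SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf
SpamAssassin Timeout = 30
Check SpamAssassin If On Spam List = yes
Always Include SpamAssassin Report = no
"""

DEAD_LISTS = {"infinite-monkeys"}  # reported dead by both replies
SA_INTERNAL_TIMEOUT = 30           # seconds, per Julian Field's reply
SUGGESTED_MAX_SIZE = 30000         # per Julian Field's reply


def parse_conf(text):
    """Return {normalised option name: value} for 'Name = value' lines."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Normalise case and spacing for our own lookups only.
        options[" ".join(name.lower().split())] = value.strip()
    return options


def audit(options):
    """Return a list of (option, finding) tuples; an empty list means no findings."""
    findings = []

    lists = options.get("spam list", "").split()
    dead = [name for name in lists if name.lower() in DEAD_LISTS]
    if dead:
        findings.append(
            ("Spam List", "dead list still queried: " + ", ".join(dead)))

    # A value that is a ruleset path instead of a number is skipped.
    timeout = options.get("spamassassin timeout", "")
    if timeout.isdigit() and int(timeout) <= SA_INTERNAL_TIMEOUT:
        findings.append(
            ("SpamAssassin Timeout",
             "not above SpamAssassin's internal %d s timeouts, so one slow "
             "test can cost the whole result" % SA_INTERNAL_TIMEOUT))

    size = options.get("max spamassassin size", "")
    if size.isdigit() and int(size) > SUGGESTED_MAX_SIZE:
        findings.append(
            ("Max SpamAssassin Size",
             "larger than the %d suggested in the thread" % SUGGESTED_MAX_SIZE))

    return findings


if __name__ == "__main__":
    for option, finding in audit(parse_conf(SAMPLE_CONF)):
        print("%s: %s" % (option, finding))
```
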
From maillists at CONACTIVE.COM Thu Sep 2 16:49:19 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:45 2006
Subject: whitelisting not working with "always report"?
Message-ID:

I set
Always Include SpamAssassin Report = yes

It seems I now get full spam reports even for senders in the spam.whitelist.rules whitelist.

Example:
X-ON-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (Wertung=-5.861, benoetigt 5, autolearn=not spam, ALL_TRUSTED -3.30, AWL -0.04, BAYES_00 -2.60, TW_IX 0.08), not spam, SpamAssassin (Wertung=-4.514, benoetigt 5, autolearn=not spam, AWL -1.35, BAYES_00 -2.60, SARE_HEAD_XBEEN -0.65, TW_IX 0.08), not spam, SpamAssassin (Wertung=-3.436, benoetigt 5, autolearn=not spam, AWL -0.27, BAYES_00 -2.60, SARE_HEAD_XBEEN -0.65, TW_IX 0.08)

This was a mailing list message which was scanned for spam three times although all sender IPs are whitelisted. It seems that MailScanner also recognizes at first that it is whitelisted, but not thereafter (the second and third one being 127.0.0.1 which is whitelisted as well).

And here's a header from a whitelisted from address (no mailing list):
X-ON-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (Wertung=-2.599, benoetigt 5, autolearn=not spam, BAYES_00 -2.60)

It shows the same, although whitelisted. Note, it's not whitelisted in SA, it's whitelisted in MS!

Is this a side effect of "Always Include SpamAssassin Report = yes" or am I doing something wrong? I thought I'd rather ask this before sending all the gory details.

If that is a side effect of this setting I think it works the wrong way. If something is whitelisted in MS it should not get scanned by SA. Fullstop. So, no spam report for it even if set to "always add report".
Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 16:51:22 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:45 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Or reduce the number of RBL's in use...

I just use the spamcop-XBL and sorbs ones. More than that I found I was getting lots of SA-timeouts even on stupidly large timeout settings.

I guess you could always rsync/whatever the files locally and have local zone files for the RBL's yourself...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Michael R. Dilworth (E-mail) wrote:
> I've seen this too, the domains have screwy dns. Just
> increase the time out value.
>
> Save the message and run it through sa with debug and
> you will see what I mean. In my case it took 50 seconds
> to complete the dns lookups.
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Campbell
> Sent: Thursday, September 02, 2004 8:09 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Particular emails forcing SA timeouts
>
>
> ----- Original Message -----
> From: "Martin Hepworth"
> To:
> Sent: Thursday, September 02, 2004 9:39 AM
> Subject: Re: Particular emails forcing SA timeouts
>
>
>
>>Steve
>>
>>what's your SA config like - lots of RBL's???? what 'extra' rules are you
>>running for SA?
>>--
>>Martin Hepworth
>>Senior Systems Administrator
>>Solid State Logic Ltd
>>tel: +44 (0)1865 842300
>>
>>
>
> Mr. Hepworth,
>
> I have a good bit of stuff in my SA config file. My blacklist is fairly
> long.
>
> But I'm not seeing timeouts in general. It consistently happens on these
> emails. They are all similar in content and I'm fairly certain they are from
> the same place (just using spoofed IPs and domain names).
>
> I fear that someone has figured a way to bypass SA through MS.
>
> Thanks.
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
From mailscanner at ecs.soton.ac.uk Thu Sep 2 16:57:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:45 2006
Subject: whitelisting not working with "always report"?
Message-ID:

At 16:49 02/09/2004, you wrote:
>I set
>Always Include SpamAssassin Report = yes
>
>It seems I now get full spam reports even for senders in the
>spam.whitelist.rules whitelist.

Correct. That's the definition of "always" :-)

If you don't always want the SA report, then either turn this option off, or set it to a ruleset so you get it sometimes and not others.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michael at dilworth.net Thu Sep 2 17:18:11 2004
From: michael at dilworth.net (Michael R. Dilworth (E-mail))
Date: Thu Jan 12 21:26:46 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Actually I have only one RBL in my setup SURBL! the timeouts are due to the MX lookups for the sender.

-----Original Message-----
From: Martin Hepworth [mailto:martinh@solid-state-logic.com]
Sent: Thursday, September 02, 2004 8:51 AM
To: michael@dilworth.net
Cc: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Particular emails forcing SA timeouts

Or reduce the number of RBL's in use...

I just use the spamcop-XBL and sorbs ones. More than that I found I was getting lots of SA-timeouts even on stupidly large timeout settings.

I guess you could always rsync/whatever the files locally and have local zone files for the RBL's yourself...
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Michael R. Dilworth (E-mail) wrote:
> I've seen this too, the domains have screwy dns. Just
> increase the time out value.
>
> Save the message and run it through sa with debug and
> you will see what I mean. In my case it took 50 seconds
> to complete the dns lookups.

From maillists at CONACTIVE.COM Thu Sep 2 17:25:49 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

Julian Field wrote on Thu, 2 Sep 2004 16:57:37 +0100:

> Correct. That's the definition of "always" :-)

Hm, I don't know if this has been discussed here before, but I think it works not the way one would it expect to work.

> # Do you want to always include the Spam Report in the SpamCheck
> # header, even if the message wasn't spam?

That implies the purpose of always adding the report: I want a report when it was not spam, so that I can see why it wasn't spam or whatever I want to see else. This doesn't imply that you want MS to *force* a spam scan although normally there wouldn't be a scan. It just means to add the report which is available from scanning, anyway. That's the only meaning which makes sense to me, do others disagree?

>
> If you don't always want the SA report, then either turn this option off,
> or set it to a ruleset so you get it sometimes and not others.

I want the spam report when the message got scanned, I don't want to force a scan for nothing. Does this mean I had to copy the whitelist.rules to another ruleset for "always add report" and change all "yes" to "no" and "default no" to "yes"?
Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From suporte at SETINET.COM.BR Thu Sep 2 17:29:10 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:46 2006
Subject: blacklist per users
Message-ID:

Cool!!
The same thing I can do with attachments and mailsize?

----- Original Message -----
From: "Julian Field"
To:
Sent: Thursday, September 02, 2004 4:43 AM
Subject: Re: blacklist per users

> At 19:25 01/09/2004, you wrote:
> >Hi.. I can make a blacklist for different users/domains? Like so..
>
> There is per-user and per-domain white and black listing code in
> CustomConfig.pm. Just read the comments in that file and you will quickly
> find how to enable it.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From kwang at UCALGARY.CA Thu Sep 2 17:30:08 2004
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:26:46 2006
Subject: Could MailScanner be trained to use DNS black lists for the X-Originating-IP: field check?
Message-ID:

Hi,

Sending spam through systems like yahoo or hotmail is quite common. Currently, we check the IP of the machine that mail is coming from against the DNS based lists. There are many cases in which the earlier X-Originating-IP: and Received: fields should be checked. In the following case 209.89.159.117 is on the RBL+ list. We need to consider checking Received:, X-Originating-IP:, etc. against the DNS lists.

Message header
----------------------------------------------------------------------
Received: from n26.grp.scd.yahoo.com (n26.grp.scd.yahoo.com [66.218.66.82])
    by mhub3.ucalgary.ca (8.11.7/8.11.6) with SMTP id i5TAeca11091
    for ; Tue, 29 Jun 2004 04:40:38 -0600
X-eGroups-Return: sentto-2684753-1712-1088505636-gbtickne=ucalgary.ca@returns.groups.yahoo.com
Received: from [66.218.66.30] by n26.grp.scd.yahoo.com with NNFMP; 29 Jun 2004 10:40:37 -0000
X-Sender: spinalcore@gosympatico.ca
X-Apparently-To: CalgaryAquariums@yahoogroups.com
Received: (qmail 45869 invoked from network); 29 Jun 2004 10:40:35 -0000
Received: from unknown (66.218.66.167) by m24.grp.scd.yahoo.com with QMQP; 29 Jun 2004 10:40:35 -0000
Received: from unknown (HELO n7.grp.scd.yahoo.com) (66.218.66.91) by mta6.grp.scd.yahoo.com with SMTP; 29 Jun 2004 10:40:35 -0000
Received: from [66.218.66.118] by n7.grp.scd.yahoo.com with NNFMP; 29 Jun 2004 10:40:26 -0000
To: CalgaryAquariums@yahoogroups.com
Message-ID:
User-Agent: eGroups-EW/0.82
X-Mailer: Yahoo Groups Message Poster
X-eGroups-Remote-IP: 66.218.66.91
From: "Travis Walker"
X-Originating-IP: 209.89.159.117
X-Yahoo-Profile: spinalcore
MIME-Version: 1.0
Mailing-List: list CalgaryAquariums@yahoogroups.com; contact CalgaryAquariums-owner@yahoogroups.com
Delivered-To: mailing list CalgaryAquariums@yahoogroups.com
Precedence: bulk
List-Unsubscribe:
Date: Tue, 29 Jun 2004 10:40:26 -0000
Subject: [CalgaryAquariums] Looking for Fancy Guppies!!!!!!!!
Reply-To: CalgaryAquariums@yahoogroups.com
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
----------------------------------------------------------------------

209.89.159.117 is on RBL+
----------------------------------------------------------------------
$ nslookup 117.159.89.209.rbl-plus.mail-abuse.org
Name: 117.159.89.209.rbl-plus.mail-abuse.org
Address: 127.1.0.2
----------------------------------------------------------------------

Thanks
Kai

From campbell at cnpapers.com Thu Sep 2 17:32:30 2004
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:26:46 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

To Mr. Hepworth and Mr. Dilworth:

Thanks so much for your analysis. I have increased my RBL and SA timeouts as a starting point.

I still feel, though, that something is amiss, more than just timeouts and feel Mr. Dilworth has also come across something worth noting here on the list.

I get my share of SA timeouts. After searching back through the mail logs, I find that every one of these emails received timeouts. As such, every one was delivered untouched. If there is a simple way of hopping DNS to exceed the general settings most people have in their conf files, spammers have a really easy way of getting their crap delivered. I'm just not sure how this evasion of MS/SA is being done.
As I don't usually see this type of emails being delivered, I have become suspicious of these email types from this particular Class A IP range.

I'll still watch and see what happens, though, and will inform anyone interested through the list.

Thanks.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Thursday, September 02, 2004 11:51 AM
Subject: Re: Particular emails forcing SA timeouts

> Or reduce the number of RBL's in use...
>
> I just use the spamcop-XBL and sorbs ones. More than that I found I was
> getting lots of SA-timeouts even on stupidly large timeout settings.
>
> I guess you could always rsync/whatever the files locally and have local
> zone files for the RBL's yourself...
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Michael R. Dilworth (E-mail) wrote:
> > I've seen this too, the domains have screwy dns. Just
> > increase the time out value.
> >
> > Save the message and run it through sa with debug and
> > you will see what I mean. In my case it took 50 seconds
> > to complete the dns lookups.

From mailscanner at ecs.soton.ac.uk Thu Sep 2 17:32:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

At 17:25 02/09/2004, you wrote:
>Julian Field wrote on Thu, 2 Sep 2004 16:57:37 +0100:
> > Correct. That's the definition of "always" :-)
>
>Hm, I don't know if this has been discussed here before, but I think it
>works not the way one would it expect to work.
>
> > # Do you want to always include the Spam Report in the SpamCheck
> > # header, even if the message wasn't spam?
>
>That implies the purpose of always adding the report: I want a report when
>it was not spam, so that I can see why it wasn't spam or whatever I want to
>see else. This doesn't imply that you want MS to *force* a spam scan
>although normally there wouldn't be a scan. It just means to add the report
>which is available from scanning, anyway. That's the only meaning which
>makes sense to me, do others disagree?

I clearly need to change the comment to explain it more clearly. In my view, "always" means exactly that, for all messages (unless you tie it to a ruleset of course).

> > If you don't always want the SA report, then either turn this option off,
> > or set it to a ruleset so you get it sometimes and not others.
>
>I want the spam report when the message got scanned, I don't want to force
>a scan for nothing. Does this mean I had to copy the whitelist.rules to
>another ruleset for "always add report" and change all "yes" to "no" and
>"default no" to "yes"?

Yes.

What do other people think of this? I don't like changing the existing behaviour of a setting unless I absolutely have to, it upsets people who already have it working the way they want it to. I obviously don't want to break existing installations.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
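The lookup Kai Wang proposes in "Could MailScanner be trained to use DNS black lists for the X-Originating-IP: field check?", sketched in Python as an added example (not MailScanner or SpamAssassin code, and not from any poster). The function names are hypothetical, the headers are abridged from that message, and the resolver is passed in so the listing shown in the post's nslookup output can be replayed offline.

```python
"""Build DNSBL queries for the relay IPs a message's headers claim."""
import email
import ipaddress
import re
import socket

# Abridged and re-folded from the header block in Kai Wang's message.
SAMPLE_HEADERS = """\
Received: from n26.grp.scd.yahoo.com (n26.grp.scd.yahoo.com [66.218.66.82])
    by mhub3.ucalgary.ca (8.11.7/8.11.6) with SMTP id i5TAeca11091;
    Tue, 29 Jun 2004 04:40:38 -0600
Received: from [66.218.66.30] by n26.grp.scd.yahoo.com with NNFMP;
    29 Jun 2004 10:40:37 -0000
Received: from unknown (HELO n7.grp.scd.yahoo.com) (66.218.66.91)
    by mta6.grp.scd.yahoo.com with SMTP; 29 Jun 2004 10:40:35 -0000
X-eGroups-Remote-IP: 66.218.66.91
X-Originating-IP: 209.89.159.117
Subject: [CalgaryAquariums] Looking for Fancy Guppies!!!!!!!!

"""

# In Received lines, accept only addresses written as [a.b.c.d] or (a.b.c.d),
# which skips version strings such as "(8.11.7/8.11.6)".
BRACKETED_IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BARE_IP = re.compile(r"^\s*\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def _public_ipv4(text):
    """Return an IPv4Address for a globally routable address, else None."""
    try:
        ip = ipaddress.IPv4Address(text)
    except ValueError:
        return None
    return ip if ip.is_global else None


def candidate_ips(raw_headers):
    """Return [(ip, header, trusted)] in header order, without duplicates.

    Only the topmost Received line was written by the receiving server.
    Every other header comes from upstream hosts or the sender and can be
    forged, so it is marked untrusted.
    """
    msg = email.message_from_string(raw_headers)
    found, seen = [], set()

    def add(text, header, trusted):
        ip = _public_ipv4(text)
        if ip is not None and str(ip) not in seen:
            seen.add(str(ip))
            found.append((str(ip), header, trusted))

    for index, value in enumerate(msg.get_all("Received", [])):
        for text in BRACKETED_IP.findall(value):
            add(text, "Received", index == 0)
    for value in msg.get_all("X-Originating-IP", []):
        match = BARE_IP.match(value)
        if match:
            add(match.group(1), "X-Originating-IP", False)
    return found


def dnsbl_name(ip, zone):
    """Reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")


def system_resolver(name):
    """OS resolver; None means not listed or lookup failed. It has no time
    limit of its own, so a caller needs one (see the timeout thread)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_headers(raw_headers, zone, resolve=system_resolver):
    """Return one dict per candidate IP that the zone lists."""
    hits = []
    for ip, header, trusted in candidate_ips(raw_headers):
        answer = resolve(dnsbl_name(ip, zone))
        # DNSBL listings are answered from 127.0.0.0/8.
        if answer and answer.startswith("127."):
            hits.append({"ip": ip, "header": header,
                         "trusted": trusted, "answer": answer})
    return hits
```

A hit carrying `trusted: False` rests on a header the sender can write, so it suits a score contribution better than an outright block.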
From dustin.baer at IHS.COM Thu Sep 2 17:42:38 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

Kai Schaetzl wrote:

>I set
>Always Include SpamAssassin Report = yes
>
>It seems I now get full spam reports even for senders in the
>spam.whitelist.rules whitelist.
>
>Is this a side effect of "Always Include SpamAssassin Report = yes" or am
>I doing something wrong?
>

If you don't want SpamAssassin to check for certain emails (for example, your mailing list), then add the address to a rule defined by:

Spam Checks =

Adding an address to spam.whitelist.rules will still be checked for spam, just not quarantined if above minimum score, and thus still give you a report.

Dustin

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 17:46:57 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Mr Campbell (or may I call you Steve!)

yes the timeout periods can help, but my question is *why* are you getting timeouts. Which RBL's are you using? have you considered a zone transfer of the RBL's to ensure 'reachability'?

As I've said before on previous threads I'm only using surbl.org (for the URI scanning) and the spamcop-xbl (as a true RBL). I run a local caching DNS server on the MS host and see very very few timeouts. When I have lots of RBL's (the SA default if you turn on RBLS) I get lots of timeouts and as consequence lots of spam leaks through.
Oh and I also have a bandwidth guarantee on my DNS queries that bounce up to my ISP for resolution, but looking at the traffic that doesn't seem to make much difference.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Steve Campbell wrote:
> To Mr. Hepworth and Mr. Dilworth:
>
> Thanks so much for your analysis. I have increased my RBL and SA timeouts as
> a starting point.
>
> I still feel, though, that something is amiss, more than just timeouts and
> feel Mr. Dilworth has also come across something worth noting here on the
> list.
>
> I get my share of SA timeouts. After searching back through the mail logs,
> I find that every one of these emails received timeouts. As such, every one
> was delivered untouched. If there is a simple way of hopping DNS to exceed
> the general settings most people have in their conf files, spammers have a
> really easy way of getting their crap delivered. I'm just not sure how this
> evasion of MS/SA is being done.
>
> As I don't usually see this type of emails being delivered, I have become
> suspicious of these email types from this particular Class A IP range.
>
> I'll still watch and see what happens, though, and will inform anyone
> interested through the list.
>
> Thanks.
>
> Steve Campbell
> campbell@cnpapers.com
> Charleston Newspapers
>
> ----- Original Message -----
> From: "Martin Hepworth"
> To:
> Sent: Thursday, September 02, 2004 11:51 AM
> Subject: Re: Particular emails forcing SA timeouts
>
>
>
>>Or reduce the number of RBL's in use...
>>
>>I just use the spamcop-XBL and sorbs ones. More than that I found I was
>>getting lots of SA-timeouts even on stupidly large timeout settings.
>>
>>I guess you could always rsync/whatever the files locally and have local
>>zone files for the RBL's yourself...
>>
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Michael R. Dilworth (E-mail) wrote:
>>
>>> I've seen this too, the domains have screwy dns. Just
>>> increase the time out value.
>>>
>>> Save the message and run it through sa with debug and
>>> you will see what I mean. In my case it took 50 seconds
>>> to complete the dns lookups.

From mailscanner at ecs.soton.ac.uk Thu Sep 2 17:49:40 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: blacklist per users
Message-ID:

At 17:29 02/09/2004, you wrote:
>Cool!!
>The same thing I can do with attachments and mailsize?

It is implemented just for the spam whitelists and blacklists. But the code is fairly simple, so if you want to extend it to other things then it shouldn't be too hard so long as you know a bit of Perl.

> > At 19:25 01/09/2004, you wrote:
> > >Hi.. I can make a blacklist for different users/domains? Like so..
> > > > There is per-user and per-domain white and black listing code in > > CustomConfig.pm. Just read the comments in that file and you will quickly > > find how to enable it. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From brad at BECKENHAUER.COM Thu Sep 2 17:51:04 2004 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:26:46 2006 Subject: MailScanner install failed on a "tail" Message-ID: Thanks Julian, I did some more search this morning on this issue and found that my tail install issue revolves around the "Posix standard" that is running on the system. In my case, I'm running a more "bleeding-edge" distribution that comforms to the newer POSIX standard `200212`. In this distro, the default _POSIX2_VERSION environment setting is "not set" and thus is defaulting to version 200212, which does not allow the usage of the "tail -1", but specifies a more strict usage of "tail -n -1". ref: (as defined in /usr/include/unistd.h ) Posix reference: http://lists.gnu.org/archive/html/bug-coreutils/2004-01/msg00117.html Two values are currently supported for `_POSIX2_VERSION': `199209' stands for POSIX 1003.2-1992, and `200112' stands for POSIX 1003.1-2001. For example, if you are running older software that assumes an older version of POSIX and uses `sort +1', you can work around the compatibility problems by setting `_POSIX2_VERSION=199209' in your environment. 
My solution was to tell Posix to use a less strict interpretation of the tail command by issueing the following command: # export _POSIX2_VERSION=199209 This allowed me to install MailScanner without error or modifying the install script (Yea!). Another possibility as pointed out in: http://lists.gnu.org/archive/html/bug-coreutils/2004-01/msg00124.html Thus, he can replace "tail -1" with "sed -n '$p'",... the author finishes with: Admittedly this is a hassle in the short run, so setting _POSIX2_VERSION=199209 may be his best bet in the short run. Conclusion: I now have the option of being able to run the MailScanner install script without having to modify the script(Great!) Perhaps, also, substitution of the tail command with the "sed option" is an option for consideration in the install script to allow those systems using the more strict `200112' Posix standard to do an install without having to "set the environment". Another possible option, would be to "temporarily" set the POSIX2 version in the install script during the install. Thanks, I got an eduction out of researching this issue. Brad >>> Julian Field 9/2/2004 8:34:10 AM >>> However, not all "tail"s support "-n". Only very fussy builds of tail (e.g. on Gentoo apparently) don't support the "-1" syntax, everyone else does. At 13:56 02/09/2004, you wrote: >A quick search/replace in the install.tar-fns.sh script " %s/tail - >1/tail -n -1/g "and re-ran the install.sh. > >Version of "tail" I'm running is: 5.2.1 >tail: `-1' option is obsolete; use `-n 1' -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From campbell at cnpapers.com Thu Sep 2 18:01:02 2004
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:26:46 2006
Subject: Particular emails forcing SA timeouts
Message-ID:

Mr. Hepworth,

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Thursday, September 02, 2004 12:46 PM
Subject: Re: Particular emails forcing SA timeouts

> Mr Campbell (or may I call you Steve!)

Steve is fine.

>
> yes the timeout periods can help, but my question is *why* are you
> getting timeouts.

"Why" is sort of my original issue. As I don't generally get timeouts, I was
wondering if something wasn't causing this by these particular emails,
especially since every one of them receives a timeout.

>
> Which RBL's are you using? have you considered a zone transfer of the
> RBL's to ensure 'reachability'?

I have considered it, but have not implemented or really needed it. I guess
that's kind of selfish, using unnecessary bandwidth all the time.

>
> As I've said before on previous threads I'm only using surbl.org (for
> the URI scanning) and the spamcop-xbl (as a true RBL). I run a local
> caching DNS server on the MS host and see very very few timeouts. When I
> have lots of RBL's (the SA default if you turn on RBLS) I get lots of
> timeouts and as consequence lots of spam leaks through.

I am using the default SA RBLs + surbl.org. I could consider turning some of
these off if this persists. It seems like there are so many that contribute
such a small amount to the score, that a few less wouldn't make that much
impact on the spam/not spam total.

>
> Oh and I also have a bandwidth guarantee on my DNS queries that bounce
> up to my ISP for resolution, but looking at the traffic that doesn't
> seem to make much difference.

A luxury we here can't afford, I'm sure.

>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>

Again, thank you for the time and efforts.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From mailscanner at ecs.soton.ac.uk Thu Sep 2 18:01:48 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: MailScanner install failed on a "tail"
Message-ID:

I have added that setting to the scripts that use "tail". This should solve
it.

At 17:51 02/09/2004, you wrote:
>
>Admittedly this is a hassle in the short run, so setting
>_POSIX2_VERSION=199209 may be his best bet in the short run.
>
>
>Conclusion:
>I now have the option of being able to run the MailScanner install script
>without having to modify the script(Great!) Perhaps, also, substitution of
>the tail command with the "sed option" is an option for consideration in
>the install script to allow those systems using the more strict `200112'
>Posix standard to do an install without having to "set the environment".
>Another possible option, would be to "temporarily" set the POSIX2 version
>in the install script during the install.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From martinh at SOLID-STATE-LOGIC.COM Thu Sep 2 18:12:47 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: [Fwd: Re: [MAILSCANNER] Particular emails forcing SA timeouts]
Message-ID:

Steve

Steve Campbell wrote:
>>As I've said before on previous threads I'm only using surbl.org (for
>>the URI scanning) and the spamcop-xbl (as a true RBL). I run a local
>>caching DNS server on the MS host and see very very few timeouts. When I
>>have lots of RBL's (the SA default if you turn on RBLS) I get lots of
>>timeouts and as consequence lots of spam leaks through.
>
>
> I am using the default SA RBLs + surbl.org. I could consider turning some of
> these off if this persists. It seems like there are so many that contribute
> such a small amount to the score, that a few less wouldn't make that much
> impact on the spam/not spam total.
>

well, that's what I see too when I run *all* the SA default RBLS......lots
of timeouts

May I suggest you give all of them but 1 or 2 a zero score in
spam.assassin.prefs.conf and the problem goes away with little effect on
the effectiveness of the results as you say.

I just run orbs + spamcop_xbl (self installed into the prefs file) and the
surbl.org stuff. all others have a zero score (ie turned off).

(off home now - see ya tomorrow)..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From ssilva at SGVWATER.COM Thu Sep 2 18:16:52 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:46 2006
Subject: Whitelist problem
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:
> MailScanner mailing list wrote:
>
>>Hey all,
>>
>>Sorry if this has been covered before, but I have a question
>>regarding whitelisting. Email generated by the server (virus
>>alerts etc) are sent to my email address, but some of them
>>get marked as spam. I want to be able to whitelist
>>everything coming from the server, but if an email is sent
>>with a spoofed address of 127.0.0.1 it will automatically be
>>whitelisted. Is there a way around this?
>
>
> We whitelist the server hostname for mail sent from root@ and postmaster@
> instead of the IP which works quite well
>

Aren't named addresses easily spoofed? I seem to remember a virus trying to
send false rejection messages that said they were from
postmaster@ourdomain.com. Of course the ip was *not* 127.0.0.1

From kevins at BMRB.CO.UK Thu Sep 2 18:20:51 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:46 2006
Subject: Force local delivery?
Message-ID:

On Wed, 2004-09-01 at 20:18, Remco Barendse wrote:
> Hi!
>
> I am using MailScanner in front of exchange and am using the mailertable
> feature to forward all mail to the local ip of the exchange server.
>
> Is there any way to prevent some addresses from being delivered by
> mailertable rules?
>
> We have several mail addresses that are not in use anymore but still get
> loads of spam. Instead of wasting cpu cycles on that i would rather have
> mail for such addresses delivered to my local spam learning account :)

Not sure it will do the trick, but have you tried the virtusertable feature
of sendmail for this?

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From lee at SJU.EDU Thu Sep 2 18:28:57 2004
From: lee at SJU.EDU (Stephen Lee)
Date: Thu Jan 12 21:26:46 2006
Subject: solaris and logging
Message-ID:

Hi,

I'm one of those running solaris and each time I upgrade OS or
MailScanner there seems to be a problem with logging. I just set up a
new system and the problem cropped up again. I got logging working and
wanted to share my solution with the other solaris admins.

original box
    solaris 9
    mailscanner 4.25-14
    perl 5.6.1

this system started logging after I changed
/opt/Mailscanner/lib/Mailscanner/Log.pm. to make this line execute

    Sys::Syslog::setlogsock('stream');

I found that info in the archives. There is a patch which makes the change
for you.

My new box
    solaris 9
    mailscanner 4.32.5
    perl 5.8.3

this system would not log even after the above change. I found something in
perldocs.com which caused me to try this change to the same file.

i changed this

    use Sys::Syslog;

to this

    use Sys::Syslog qw (:DEFAULT setlogsock);

both systems are now logging.

Good luck with solaris,
Steve

--
Stephen J. Lee                       Saint Joseph's University
Senior Systems Administrator         5600 City Avenue
Networking & Telecommunications      Philadelphia, PA 19131-1395
E-mail: lee@sju.edu  Voice: (610) 660-1679  Fax: (610) 660-1573

From ssilva at SGVWATER.COM Thu Sep 2 18:36:41 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

> I clearly need to change the comment to explain it more clearly. In my
> view, "always" means exactly that, for all messages (unless you tie it to a
> ruleset of course).
>
>
> What do other people think of this? I don't like changing the existing
> behaviour of a setting unless I absolutely have to, it upsets people who
> already have it working the way they want it to. I obviously don't want to
> break existing installations.

I had no problem interpreting "always include" as always, every time, no
matter what, even if not spam, just do it, always!

From KGoods at AIAINSURANCE.COM Thu Sep 2 18:52:13 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:46 2006
Subject: Force local delivery?
Message-ID:

Kevin Spicer scribbled on Thursday, September 02, 2004 10:21 AM:

> On Wed, 2004-09-01 at 20:18, Remco Barendse wrote:
>> Hi!
>>
>> I am using MailScanner in front of exchange and am using the
>> mailertable feature to forward all mail to the local ip of the
>> exchange server.
>>
>> Is there any way to prevent some addresses from being delivered by
>> mailertable rules?
>>
>> We have several mail addresses that are not in use anymore but still
>> get loads of spam. Instead of wasting cpu cycles on that i would
>> rather have mail for such addresses delivered to my local spam
>> learning account :)
>
> Not sure it will do the trick, but have you tried the virtusertable
> feature of sendmail for this?
>

Good call Kevin, that's exactly how I do it. Although I don't really need
any more spam for learning so I simply refuse the connection with:

EXuser@mydomain.com     error:nouser No Longer an Employee

One could just as easily use:

EXuser@mydomain.com     spambox
EXuser2@mydomain.com    spambox
...etc

This assumes you have a local user named spambox.

Keep in mind this can get tedious quickly if you have a high turnover rate
at your company. :)

Don't forget to makemap hash the virtualusertable and restart sendmail (or
Mailscanner if appropriate).

HTH Good luck!
Ken

Ken Goods
Network Administrator
AIA Insurance, Inc.

From KGoods at AIAINSURANCE.COM Thu Sep 2 19:41:29 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:46 2006
Subject: Force local delivery?
Message-ID:

Ken Goods scribbled on Thursday, September 02, 2004 10:52 AM:

> Kevin Spicer scribbled on Thursday, September 02, 2004 10:21 AM:
>
>> On Wed, 2004-09-01 at 20:18, Remco Barendse wrote:
>>> Hi!
>>>
>>> I am using MailScanner in front of exchange and am using the
>>> mailertable feature to forward all mail to the local ip of the
>>> exchange server.
>>>
>>> Is there any way to prevent some addresses from being delivered by
>>> mailertable rules?
>>>
>>> We have several mail addresses that are not in use anymore but still
>>> get loads of spam. Instead of wasting cpu cycles on that i would
>>> rather have mail for such addresses delivered to my local spam
>>> learning account :)
>>
>> Not sure it will do the trick, but have you tried the virtusertable
>> feature of sendmail for this?
>>
>
> Good call Kevin, that's exactly how I do it. Although I don't really
> need any more spam for learning so I simply refuse the connection
> with:
>
> EXuser@mydomain.com     error:nouser No Longer an Employee
>
> One could just as easily use:
>
> EXuser@mydomain.com     spambox
> EXuser2@mydomain.com    spambox
> ...etc
>
> This assumes you have a local user named spambox.
>
> Keep in mind this can get tedious quickly if you have a high turnover
> rate at your company. :)
>
> Don't forget to makemap hash the virtualusertable and restart
> sendmail (or Mailscanner if appropriate).
>
> HTH Good luck!
> Ken
>

Remco,
Just to clarify... I just went in and looked at my sendmail config again and
it seems a while back I decided that the access.db would be the way to go
for me since I didn't even want to send anything back to the originating
server so I made entries in access like:

EXuser@mydomain.com     DISCARD
EXuser2@mydomain.com    DISCARD
EXuser3@mydomain.com    DISCARD

This, in effect, drops them on the floor.

But I'm almost certain that you can alias your exusers to a "spambox" using
my second example above in the virtusertable.

Let us know how it goes.
Thx
k

Ken Goods
Network Administrator
AIA Insurance, Inc.

From peter at UCGBOOK.COM Thu Sep 2 21:42:08 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:46 2006
Subject: solaris and logging
Message-ID:

Stephen Lee wrote:
> I'm one of those running solaris and each time I upgrade OS or
> MailScanner there seems to be a problem with logging. I just set up a
> new system and the problem cropped up again. I got logging working and
> wanted to share my solution with the other solaris admins.

I have been running MS on Solaris 9/Sparc for almost two years (well before
4.25-14) and I haven't had to change a thing.

--
/Peter Bonivart

--Unix lovers do it in the Sun
From mkettler at EVI-INC.COM Thu Sep 2 22:19:50 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:46 2006
Subject: Could MailScanner be trained to use DNS black lists for the X-Originating-IP: field check?
Message-ID:

At 12:30 PM 9/2/2004, Kai Wang wrote:
>Sending spam through systems like yahoo or hotmail is quite common.
>Currently, we check the IP of the machine
>that mail is coming from against the DNS based lists. There are many
>cases in which the earlier X-Originating-IP:
>and Received: fields should be checked. In the following case
>209.89.159.117 is on the RBL+ list. We need to
>consider checking Received:, X-Originating-IP:, etc. against the DNS lists.

I'm not sure if you're using SpamAssassin with MailScanner, but if you are,
SA 2.60 and higher already does this in check_rbl_backend of EvalTests.pm.

SA can query the RBL+ list, you just need to set a score for it if you're a
paid user (It's off by default because it's a for-pay service).

try something like this in /etc/mail/spamassassin/local.cf

score RCVD_IN_MAPS_RBL 2.0
score RCVD_IN_MAPS_DUL 2.0
score RCVD_IN_MAPS_RSS 2.0
score RCVD_IN_MAPS_NML 2.0

From maillists at CONACTIVE.COM Fri Sep 3 02:48:47 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

Dustin Baer wrote on Thu, 2 Sep 2004 10:42:38 -0600:

> Adding an address to spam.whitelist.rules will still be checked for
> spam, just not quarantined if above minimum score, and thus still give
> you a report.
>

This is not how I understood the "Is Definitely Not Spam" option. It
doesn't make any sense to me to scan a message where I know already before
doing it that it's not spam. What for should I scan it? There's the SA
whitelisting which adds -100 if someone really wants to scan all messages.
Adding another whitelisting in MS doesn't make any sense unless it avoids
the scanning phase. That's also what the comments in the MailScanner.conf
file suggest to me and what I know from experience with milters. I'm
puzzled now.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From maillists at CONACTIVE.COM Fri Sep 3 02:48:47 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

Julian Field wrote on Thu, 2 Sep 2004 17:32:55 +0100:

> I clearly need to change the comment to explain it more clearly.
>

Or there is a complete misunderstanding of the option on my side, see my
answer to Justin. Scanning a message which is whitelisted doesn't make
sense to me. SA does this, but only because they use a score-based
whitelist.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
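Added example (not from any poster, and not SpamAssassin or MailScanner code): a simplified sequential model of the two DNS-list points raised in the threads above, namely checking the Received: and X-Originating-IP: addresses against DNS lists, and what a fixed time budget does when some lists answer slowly. The message, the zone names under dnsbl.example, the latencies and the fake resolver are all constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (documentation address ranges, not real traffic).
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.25])\n"
    "\tby mail.example.org with ESMTP; Thu, 2 Sep 2004 12:30:00 -0400\n"
    "Received: from webmail (unknown [10.1.2.3])\n"
    "\tby mx.example.net with HTTP; Thu, 2 Sep 2004 12:29:58 -0400\n"
    "X-Originating-IP: [203.0.113.117]\n"
    "From: someone@example.net\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hops inside these networks say nothing about the outside sender, so skip them.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def relay_ips(raw_message):
    """Return external IPv4 addresses from Received: and X-Originating-IP:."""
    msg = message_from_string(raw_message)
    values = (msg.get_all("Received") or []) + (msg.get_all("X-Originating-IP") or [])
    found = []
    for value in values:
        for text in BRACKETED_IP.findall(value):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:          # e.g. [999.1.1.1] in a forged header
                continue
            if any(ip in net for net in INTERNAL) or text in found:
                continue
            found.append(text)
    return found


def dnsbl_name(ip, zone):
    """203.0.113.117 + zone -> 117.113.0.203.zone (reversed octets)."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def check(ips, zones, resolve, per_query=5.0, budget=20.0):
    """Query every (ip, zone) pair until the time budget is used up.

    resolve(name, timeout) must return (listed, seconds_spent), with
    listed=None when the query timed out.
    """
    result = {"listed": [], "timed_out": [], "skipped": [], "complete": True}
    remaining = budget
    for ip in ips:
        for zone in zones:
            name = dnsbl_name(ip, zone)
            if remaining <= 0:
                result["skipped"].append(name)   # never asked: not a "clean" answer
                continue
            listed, spent = resolve(name, min(per_query, remaining))
            remaining -= spent
            if listed is None:
                result["timed_out"].append(name)
            elif listed:
                result["listed"].append(name)
    result["complete"] = not (result["timed_out"] or result["skipped"])
    return result


def make_fake_resolver(table):
    """Offline stand-in for DNS: table maps name -> (listed, latency_seconds)."""
    def resolve(name, timeout):
        listed, latency = table.get(name, (False, 0.05))
        if latency > timeout:
            return None, timeout        # the caller waited the whole timeout
        return listed, latency
    return resolve


# Hypothetical zones: two that answer slowly, one fast one that lists the
# constructed X-Originating-IP address.
SLOW_ZONES = ["slow-a.dnsbl.example", "slow-b.dnsbl.example"]
FAST_ZONE = "fast.dnsbl.example"
TABLE = {}
for _ip in relay_ips(SAMPLE):
    for _zone in SLOW_ZONES:
        TABLE[dnsbl_name(_ip, _zone)] = (False, 50.0)   # the thread mentions 50 s lookups
TABLE[dnsbl_name("203.0.113.117", FAST_ZONE)] = (True, 0.1)

if __name__ == "__main__":
    ips = relay_ips(SAMPLE)
    resolver = make_fake_resolver(TABLE)
    print(check(ips, SLOW_ZONES + [FAST_ZONE], resolver))   # budget exhausted, listing missed
    print(check(ips, [FAST_ZONE], resolver))                # short list, listing found
```

With all three zones the slow ones consume the whole budget, so the one zone that lists the address is never queried and the result is marked incomplete; with the short list the same message is flagged.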
From alexn at teleserv.ru Fri Sep 3 06:58:33 2004 From: alexn at teleserv.ru ([Windows-1251] Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷) Date: Thu Jan 12 21:26:46 2006 Subject: C record not found Message-ID: [ The following text is in the "Windows-1251" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Çäðàâñòâóéòå, MAILSCANNER. whom tell me whats happening, what meen this error??? ----log---- Sep 2 16:54:03 mail MailScanner[27151]: Spam Checks: Starting Sep 2 16:55:05 mail MailScanner[27151]: Message C6D3D27BEC from 213.247.196.18 (alexandr.makarov@vsk.ru) to domain.ru is spam, SpamAssassin (score=11.251, required 6, FROM_ILLEGAL_CHARS 4.30, HEAD_ILLEGAL_CHARS 4.30, SUBJ_ILLEGAL_CHARS 2.65) Sep 2 16:55:05 mail MailScanner[27151]: Spam Checks: Found 1 spam messages Sep 2 16:55:06 mail MailScanner[27151]: Requeue: C6D3D27BEC to 2E0A61FD00 Sep 2 16:55:06 mail MailScanner[27151]: In Start didn't find a C record when I wanted one ----end log---- -- Íîâîæåíèí Àëåêñàíäð Àíäðååâè÷ Ðóêîâîäèòåëü ñåêòîðà òåõíè÷åñêîãî îáñëóæèâàíè^? Îòäåë òåõíè÷åñêîé ïîääåðæêè. Äåïàðòàìåíò ñåòåâûõ òåõíîëîãèé. -- internet: http://support.teleserv.ru mailto: alexn@teleserv.ru UIN: 829126 -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). [ Part 2, Application/PGP-SIGNATURE 223bytes. ] [ Unable to print this part. ] From m.sapsed at BANGOR.AC.UK Fri Sep 3 08:47:34 2004 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:26:46 2006 Subject: X-Mozilla-Status Message-ID: Marcin Roz.ek wrote: > Any chance for this? 
> > Regards, > Marcin > >> Unfortunately, some spammers puts these two headers into spam: >> X-Mozilla-Status: >> X-Mozilla-Status2: >> Because of this, my mail program (Thunderbird) shows new mail as already >> read >> which is undesirable. Can mailscanner remove those two headers from all >> processed e-mails? Unless I'm much mistaken that's a job for your MTA - sendmail, postfix or whatever...? Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From m.sapsed at BANGOR.AC.UK Fri Sep 3 08:52:01 2004 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:26:46 2006 Subject: clamav rpm update doesn't work Message-ID: Remco Barendse wrote: > That's what I checked at first but the wrapper script seems to work ok > when I test it (with 'default' settings). Have you still got the copy under /usr/local/ ? Is the wrapper using that? When you try the wrapper, do you add the path defined in virus.scanners.conf as the first argument to the wrapper? If not, then I think the wrapper uses the path or something like that? I've got bitten by this before both when fiddling with Sophos locations and moving from clam tar to clam .deb. > It scans perfectly. I didn't try changing it because it might break > scanning? Change the conf file. Do what Julian says - he's the boss!! ;-) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Fri Sep 3 09:40:11 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:46 2006 Subject: C record not found Message-ID: At 06:58 03/09/2004, you wrote: > whom tell me whats happening, what meen this error??? > > ----log---- >Sep 2 16:54:03 mail MailScanner[27151]: Spam Checks: Starting >Sep 2 16:55:05 mail MailScanner[27151]: Message C6D3D27BEC from >213.247.196.18 (alexandr.makarov@vsk.ru) to domain.ru >is spam, SpamAssassin (score=11.251, required 6, FROM_ILLEGAL_CHARS 4.30, >HEAD_ILLEGAL_CHARS 4.30, SUBJ_ILLEGAL_CHARS 2.65) >Sep 2 16:55:05 mail MailScanner[27151]: Spam Checks: Found 1 spam messages >Sep 2 16:55:06 mail MailScanner[27151]: Requeue: C6D3D27BEC to 2E0A61FD00 >Sep 2 16:55:06 mail MailScanner[27151]: In Start didn't find a C record >when I wanted one > > ----end log---- The Postfix queue file has got screwed. What version of Postfix are you running, and please do a "MailScanner -v" and post the results. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rvitoria at CI.UCP.PT Fri Sep 3 10:11:29 2004 From: rvitoria at CI.UCP.PT (Rui Vitoria) Date: Thu Jan 12 21:26:46 2006 Subject: mailscanner defunct Message-ID: Hi Mr. Julian went the new version 4.33.2 stil around ??? Best regard. 
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Fri Sep 3 10:17:27 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:46 2006 Subject: mailscanner defunct Message-ID: At 10:11 03/09/2004, you wrote: >went the new version 4.33.2 stil around ??? I don't quite understand your English, but the beta 4.33.2 has been superceded by the stable release 4.33.3. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From t.d.lee at DURHAM.AC.UK Fri Sep 3 10:18:44 2004 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:26:46 2006 Subject: MailScanner: Stable 4.33.3 released Message-ID: On Tue, 31 Aug 2004, Julian Field wrote: > I have just released the new stable release 4.33.3. > No major changes this month, just some tidying up and a few minor new > features and adjustments. Just a quick and minor observation. When I ran "upgrade_MailScanner_conf" (Redhat), it included the line: Added new: MCP Header = X-MailScanner-MCPCheck: Wouldn't it be preferable for such default values to include "%org-name%" thus: "X-%org-name%-MailScanner-[...]:"? (Sorry I didn't spot this earlier: I was away when the betas emerged!) Hope that helps. Best wishes. -- : David Lee I.T. 
Service :
: Systems Programmer Computer Centre :
: University of Durham :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham :
: Phone: +44 191 334 2752 U.K. :

From marcin.rozek at IOS.EDU.PL Fri Sep 3 10:44:46 2004
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

Martin Sapsed wrote:
>>> Unfortunately, some spammers puts these two headers into spam:
>>> X-Mozilla-Status:
>>> X-Mozilla-Status2:
>>> Can mailscanner remove those two headers from all
>>> processed e-mails?
> Unless I'm much mistaken that's a job for your MTA - sendmail, postfix
> or whatever...?

I'm using sendmail. I've searched on Google and I found nothing that could help solve my problem.
I see that MIMEDefang is able to remove headers:

action_delete_header($hdr, $index) - Deletes an existing header in the message. This can be used in filter_begin or filter_end. The $hdr parameter is the header name without the colon. The $index parameter is optional; it defaults to 1. If you supply it, then the $index'th occurrence of the header is deleted, if there is more than one header with the same name.

But does installing MIMEDefang only to remove 2 headers make sense?

All other suggestions are welcome.

Regards,
Marcin
From mailscanner at BARENDSE.TO Fri Sep 3 11:10:38 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:46 2006
Subject: Force local delivery?
Message-ID:

> Kevin Spicer scribbled on Thursday, September 02, 2004 10:21 AM:
>
>> On Wed, 2004-09-01 at 20:18, Remco Barendse wrote:
>>> Hi!
>>>
>>> I am using MailScanner in front of exchange and am using the
>>> mailertable feature to forward all mail to the local ip of the
>>> exchange server.
>>>
>>> Is there any way to prevent some addresses from being delivered by
>>> mailertable rules?
>>>
>>> We have several mail addresses that are not in use anymore but still
>>> get loads of spam. Instead of wasting cpu cycles on that i would
>>> rather have mail for such addresses delivered to my local spam
>>> learning account :)
>>
>> Not sure it will do the trick, but have you tried the virtusertable
>> feature of sendmail for this?
>>
>
> Good call Kevin, that's exactly how I do it. Although I don't really need
> any more spam for learning so I simply refuse the connection with:
>
> EXuser@mydomain.com error:nouser No Longer an Employee
>
> One could just as easily use:
>
> EXuser@mydomain.com spambox
> EXuser2@mydomain.com spambox
> ...etc
>
> This assumes you have a local user named spambox.

I just tried it, it didn't work. I think that mailertable takes precedence over virtusertable. The mail gets delivered according to the destination as defined for that domain to the exchange server.

It probably will work if you are delivering the mail locally (which I am not) and sending it onwards.

> Keep in mind this can get tedious quickly if you have a high turnover rate
> at your company. :)

As I said I didn't intend to use this for former employees' mail boxes. Some addresses that never actually existed for this domain are consistently being spammed.
I thought I'd use these addresses to train the bayesian database, they will only get 100% spam as nobody else will send mail to these addresses :)

> Don't forget to makemap hash the virtualusertable and restart sendmail (or
> Mailscanner if appropriate).

Did that and also double checked if virtusertable feature was included in my sendmail conf.

> HTH Good luck!
> Ken

Thanks!

From alexn at teleserv.ru Fri Sep 3 11:16:12 2004
From: alexn at teleserv.ru (Новоженин Александр Андреевич)
Date: Thu Jan 12 21:26:46 2006
Subject: C record not found
Message-ID:

Hello, Julian.

You wrote on 3 September 2004, 12:40:11:

JF> At 06:58 03/09/2004, you wrote:
>> whom tell me whats happening, what meen this error???
>>
>> ----log----
>>Sep 2 16:54:03 mail MailScanner[27151]: Spam Checks: Starting
>>Sep 2 16:55:05 mail MailScanner[27151]: Message C6D3D27BEC from
>>213.247.196.18 (alexandr.makarov@vsk.ru) to domain.ru
>>is spam, SpamAssassin (score=11.251, required 6, FROM_ILLEGAL_CHARS 4.30,
>>HEAD_ILLEGAL_CHARS 4.30, SUBJ_ILLEGAL_CHARS 2.65)
>>Sep 2 16:55:05 mail MailScanner[27151]: Spam Checks: Found 1 spam messages
>>Sep 2 16:55:06 mail MailScanner[27151]: Requeue: C6D3D27BEC to 2E0A61FD00
>>Sep 2 16:55:06 mail MailScanner[27151]: In Start didn't find a C record
>>when I wanted one
>>
>> ----end log----

JF> The Postfix queue file has got screwed. What version of Postfix are you
JF> running, and please do a "MailScanner -v" and post the results.
JF> --
JF> Julian Field
JF> www.MailScanner.info
JF> MailScanner thanks transtec Computers for their support

postfix version = 2.0.18

MailScanner -v
---cut here---
This is Perl version 5.006001
This is MailScanner version 4.32.5
Module versions are:
1.12 Archive::Zip
1.119 Convert::BinHex
1.03 Fcntl
2.6 File::Basename
2.03 File::Copy
2.00 FileHandle
1.0404 File::Path
0.12 File::Temp
1.27 HTML::Entities
3.35 HTML::Parser
2.28 HTML::TokeParser
1.20 IO
1.08 IO::File
1.121 IO::Pipe
5.403 MIME::Decoder
5.403 MIME::Decoder::UU
5.403 MIME::Head
5.406 MIME::Parser
5.411 MIME::Tools
0.08 Net::CIDR
1.03 POSIX
1.72 Socket
0.01 Sys::Syslog
1.01 Time::localtime

Optional module versions are:
2.64 Mail::SpamAssassin
missing Net::LDAP
missing SAVI
0.11 Mail::ClamAV
---cut here---

JF> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Best regards,
Новоженин mailto:alexn@teleserv.ru

From mailscanner at BARENDSE.TO Fri Sep 3 11:21:41 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:46 2006
Subject: clamav rpm update doesn't work
Message-ID:

On Fri, 3 Sep 2004, Martin Sapsed wrote:
> Remco Barendse wrote:
>> That's what I checked at first but the wrapper script seems to work ok
>> when I test it (with 'default' settings).
>
> Have you still got the copy under /usr/local/ ? Is the wrapper using
> that? When you try the wrapper, do you add the path defined in
> virus.scanners.conf as the first argument to the wrapper? If not, then I
> think the wrapper uses the path or something like that? I've got bitten
> by this before both when fiddling with Sophos locations and moving from
> clam tar to clam .deb.
>
>> It scans perfectly. I didn't try changing it because it might break
>> scanning?
>
> Change the conf file. Do what Julian says - he's the boss!! ;-)

Lol!

I'm not sure about the directory. To remove the tarball I did a locate -i clam and removed every match to that. Guess that should have eradicated all files from the tarball version :)

When I do locate -i now it shows (doc stuff omitted):
/var/log/clamav
/var/log/clamav/freshclam.log
/var/log/clamav/clamav.log
/var/run/clamav
/var/clamav
/var/clamav/main.cvd
/var/clamav/daily.cvd
/etc/rc.d/init.d/clamd
/etc/rc.d/rc0.d/K39clamd
/etc/rc.d/rc1.d/K39clamd
/etc/rc.d/rc2.d/S61clamd
/etc/rc.d/rc3.d/K39clamd
/etc/rc.d/rc4.d/S61clamd
/etc/rc.d/rc5.d/S61clamd
/etc/rc.d/rc6.d/K39clamd
/etc/cron.daily/freshclam
/etc/logrotate.d/freshclam
/etc/logrotate.d/clamav
/etc/freshclam.conf
/etc/clamav.conf
/usr/share/man/man1/clamscan.1.gz
/usr/share/man/man1/freshclam.1.gz
/usr/share/man/man1/clamdscan.1.gz
/usr/share/man/man5/freshclam.conf.5.gz
/usr/share/man/man5/clamav.conf.5.gz
/usr/share/man/man8/clamd.8.gz
/usr/sbin/clamd
/usr/bin/clamscan
/usr/bin/freshclam
/usr/bin/clamav-config
/usr/bin/clamdscan
/usr/include/clamav.h
/usr/lib/pkgconfig/libclamav.pc
/usr/lib/MailScanner/clamav-autoupdate
/usr/lib/MailScanner/clamav-wrapper
/usr/lib/libclamav.so.1
/usr/lib/libclamav.so.1.0.4
/usr/lib/libclamav.a
/usr/lib/libclamav.so
/usr/local/bin/freshclam (this is the symlink i created -> /usr/bin/freshclam)

I wonder why the wrapper script still works but the update doesn't.
I don't understand anything of the wrapper or update script to see where it is looking.

Thanks!!

From mailscanner at ecs.soton.ac.uk Fri Sep 3 11:21:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

At 10:44 03/09/2004, you wrote:
>Martin Sapsed wrote:
>>>>Unfortunately, some spammers puts these two headers into spam:
>>>>X-Mozilla-Status:
>>>>X-Mozilla-Status2:
>>>>Can mailscanner remove those two headers from all
>>>>processed e-mails?
>>Unless I'm much mistaken that's a job for your MTA - sendmail, postfix
>>or whatever...?
>I'm using sendmail. I've search on google and i did find nothing that
>could help
>solving my problem.
>I see that MIMEDefang is able to remove headers:
>
>action_delete_header($hdr, $index) - Deletes an existing header in the
>message.
>This can be used in filter_begin or filter_end. The $hdr parameter is the
>header
>name without the colon. The $index parameter is optional; it defaults to 1. If
>you supply it, then the $index'th occurrence of the header is deleted, if
>there
>is more than one header with the same name.
>
>But does installing MIMEDefang only to remove 2 headers make sense?

I have just added a setting

Remove These Headers

so that you can specify a list of headers which you want removed from all messages. This can of course be a ruleset so you could use it to delete all x-mozilla-status and x-mozilla-status2 headers from incoming mail.

A good use for it would be to automatically remove receipt requests from any incoming mail, so you don't reveal information about your staff and who is currently at work reading their mail.
The comment that goes with it is:

# If any of these headers are included in a a message, they will be deleted.
# This is very useful for removing return-receipt requests and any headers
# which mean special things to your email client application, such as
# X-Mozilla-Status.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Fri Sep 3 11:36:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

At 11:21 03/09/2004, you wrote:
>At 10:44 03/09/2004, you wrote:
>>Martin Sapsed wrote:
>>>>>Unfortunately, some spammers puts these two headers into spam:
>>>>>X-Mozilla-Status:
>>>>>X-Mozilla-Status2:
>>>>>Can mailscanner remove those two headers from all
>>>>>processed e-mails?
>>>Unless I'm much mistaken that's a job for your MTA - sendmail, postfix
>>>or whatever...?
>>I'm using sendmail. I've search on google and i did find nothing that
>>could help
>>solving my problem.
>>I see that MIMEDefang is able to remove headers:
>>
>>action_delete_header($hdr, $index) - Deletes an existing header in the
>>message.
>>This can be used in filter_begin or filter_end. The $hdr parameter is the
>>header
>>name without the colon. The $index parameter is optional; it defaults to
>>1.
If
>>you supply it, then the $index'th occurrence of the header is deleted, if
>>there
>>is more than one header with the same name.
>>
>>But does installing MIMEDefang only to remove 2 headers make sense?
>
>I have just added a setting
>
>Remove These Headers
>
>so that you can specify a list of headers which you want removed from all
>messages. This can of course be a ruleset so you could use it to delete all
>x-mozilla-status and x-mozilla-status2 headers from incoming mail.
>
>A good use for it would be to automatically remove receipt requests from
>any incoming mail, so you don't reveal information about your staff and who
>is currently at work reading their mail.

Apply this patch to your installation:
cd /usr/lib/MailScanner/MailScanner
patch < remove.headers.patch
That will update your ConfigDefs.pl and Message.pm files.
Then add this to your MailScanner.conf file:

# If any of these headers are included in a a message, they will be deleted.
# This is very useful for removing return-receipt requests and any headers
# which mean special things to your email client application, such as
# X-Mozilla-Status.
# Each header should end in a ":", but MailScanner will add it if you forget.
# Headers should be separated by commas or spaces.
# This can also be the filename of a ruleset.
Remove These Headers =

This will all be included in the next release, but I thought I would post the patch for those who don't want to (or can't) wait for it.

[ Part 2, Application/OCTET-STREAM (Name: "remove.headers.patch") ] [ 2.7KB. ] [ Unable to print this part.
] [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Fri Sep 3 11:39:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: clamav rpm update doesn't work
Message-ID:

At 11:21 03/09/2004, you wrote:
>On Fri, 3 Sep 2004, Martin Sapsed wrote:
>>Remco Barendse wrote:
>>>That's what I checked at first but the wrapper script seems to work ok
>>>when I test it (with 'default' settings).
>>
>>Have you still got the copy under /usr/local/ ? Is the wrapper using
>>that? When you try the wrapper, do you add the path defined in
>>virus.scanners.conf as the first argument to the wrapper? If not, then I
>>think the wrapper uses the path or something like that? I've got bitten
>>by this before both when fiddling with Sophos locations and moving from
>>clam tar to clam .deb.
>>
>>>It scans perfectly. I didn't try changing it because it might break
>>>scanning?
>>
>>Change the conf file. Do what Julian says - he's the boss!! ;-)
>
>Lol!
>
>I'm not sure about the directory. To remove the tyhe tarball I did a
>locate -i clam and removed every match to that.
Guess that should have
>eradicated all files from the tarball version :)
>
>When I do locate -i now it shows (doc stuff omitted):
>/var/log/clamav
>/var/log/clamav/freshclam.log
>/var/log/clamav/clamav.log
>/var/run/clamav
>/var/clamav
>/var/clamav/main.cvd
>/var/clamav/daily.cvd
>/etc/rc.d/init.d/clamd
>/etc/rc.d/rc0.d/K39clamd
>/etc/rc.d/rc1.d/K39clamd
>/etc/rc.d/rc2.d/S61clamd
>/etc/rc.d/rc3.d/K39clamd
>/etc/rc.d/rc4.d/S61clamd
>/etc/rc.d/rc5.d/S61clamd
>/etc/rc.d/rc6.d/K39clamd
>/etc/cron.daily/freshclam
>/etc/logrotate.d/freshclam
>/etc/logrotate.d/clamav
>/etc/freshclam.conf
>/etc/clamav.conf
>/usr/share/man/man1/clamscan.1.gz
>/usr/share/man/man1/freshclam.1.gz
>/usr/share/man/man1/clamdscan.1.gz
>/usr/share/man/man5/freshclam.conf.5.gz
>/usr/share/man/man5/clamav.conf.5.gz
>/usr/share/man/man8/clamd.8.gz
>/usr/sbin/clamd
>/usr/bin/clamscan
>/usr/bin/freshclam
>/usr/bin/clamav-config
>/usr/bin/clamdscan
>/usr/include/clamav.h
>/usr/lib/pkgconfig/libclamav.pc
>/usr/lib/MailScanner/clamav-autoupdate
>/usr/lib/MailScanner/clamav-wrapper
>/usr/lib/libclamav.so.1
>/usr/lib/libclamav.so.1.0.4
>/usr/lib/libclamav.a
>/usr/lib/libclamav.so
>/usr/local/bin/freshclam (this is the symlink i created ->
>/usr/bin/freshclam)
>
>I wonder why the wrapper script still works but the update doesn't.

Are you trying to run the update on its own, and not just letting the update_virus_scanners cron job do it for you? If so, you need to put
/usr/lib/MailScanner/clamav-autoupdate /usr

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
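The `Remove These Headers` behaviour that the comment block posted earlier in this thread describes (names separated by commas or spaces, the ":" added if it was left off), sketched as an added Python example; it is not MailScanner's Perl code or the posted patch. The function names, the constructed sample message, the case-insensitive whole-name match and the LF line endings are assumptions, and ruleset files are not handled.

```python
import re


def parse_header_list(setting_value):
    """Normalise the setting's value into a set of header names.

    Names are split on commas or whitespace, lower-cased, and given the
    trailing ':' whether or not the administrator typed it.
    """
    names = set()
    for token in re.split(r"[,\s]+", setting_value.strip()):
        if token:
            names.add(token.lower().rstrip(":") + ":")
    return names


def strip_headers(raw_message, setting_value):
    """Return (cleaned_message, removed_names) for one raw message.

    Only the header block (everything before the first blank line) is
    filtered, so body text that merely looks like a header is untouched.
    Folded continuation lines share the fate of the header they belong to.
    Assumes LF line endings.
    """
    unwanted = parse_header_list(setting_value)
    head, sep, body = raw_message.partition("\n\n")
    kept, removed = [], []
    dropping = False
    for line in head.split("\n"):
        if line[:1] in (" ", "\t"):
            # Continuation of the previous header line.
            if not dropping:
                kept.append(line)
            continue
        name = line.split(":", 1)[0].strip()
        # Compare the whole name including ':' so that X-Mozilla-Status
        # does not also match X-Mozilla-Status2.
        dropping = (name.lower() + ":") in unwanted
        if dropping:
            removed.append(name)
        else:
            kept.append(line)
    return "\n".join(kept) + sep + body, removed


# Constructed sample message (not taken from the thread).
SAMPLE = (
    "Received: from mx.example.net\n"
    "\tby mail.example.org; Fri, 3 Sep 2004 10:44:46 +0100\n"
    "From: sender@example.net\n"
    "To: staff@example.org\n"
    "Subject: test\n"
    "X-Mozilla-Status: 0009\n"
    "x-mozilla-status2: 00000000\n"
    "Disposition-Notification-To: sender@example.net,\n"
    "\ttracker@example.net\n"
    "\n"
    "X-Mozilla-Status: this line is body text and must survive\n"
)

# Mixed separators and a mix of names with and without the colon.
SETTING = "X-Mozilla-Status, X-Mozilla-Status2: Disposition-Notification-To"

if __name__ == "__main__":
    cleaned, removed = strip_headers(SAMPLE, SETTING)
    print("removed:", removed)
    print(cleaned)
```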
From m.sapsed at BANGOR.AC.UK Fri Sep 3 11:44:04 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:46 2006
Subject: clamav rpm update doesn't work
Message-ID:

Remco Barendse wrote:
> I wonder why the wrapper script still works but the update doesn't. I
> don't understand anything of the wrapper or update script to see where it
> is looking.

I'm guessing that perhaps when you try the wrapper by hand, your PATH is different to when cron runs the update script?

Cheers,

Martin

--
Martin Sapsed Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth

From mailscanner at BARENDSE.TO Fri Sep 3 11:51:32 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:46 2006
Subject: clamav rpm update doesn't work
Message-ID:

On Fri, 3 Sep 2004, Julian Field wrote:
> At 11:21 03/09/2004, you wrote:
>> On Fri, 3 Sep 2004, Martin Sapsed wrote:
>>> Remco Barendse wrote:
>>>> That's what I checked at first but the wrapper script seems to work ok
>>>> when I test it (with 'default' settings).
>>>
>>> Have you still got the copy under /usr/local/ ? Is the wrapper using
>>> that? When you try the wrapper, do you add the path defined in
>>> virus.scanners.conf as the first argument to the wrapper? If not, then I
>>> think the wrapper uses the path or something like that? I've got bitten
>>> by this before both when fiddling with Sophos locations and moving from
>>> clam tar to clam .deb.
>>>
>>>> It scans perfectly. I didn't try changing it because it might break
>>>> scanning?
>>>
>>> Change the conf file. Do what Julian says - he's the boss!! ;-)
>>
>> Lol!
>>
>> I'm not sure about the directory.
To remove the tyhe tarball I did a
>> locate -i clam and removed every match to that. Guess that should have
>> eradicated all files from the tarball version :)
>>
>> When I do locate -i now it shows (doc stuff omitted):
>> /var/log/clamav
>> /var/log/clamav/freshclam.log
>> /var/log/clamav/clamav.log
>> /var/run/clamav
>> /var/clamav
>> /var/clamav/main.cvd
>> /var/clamav/daily.cvd
>> /etc/rc.d/init.d/clamd
>> /etc/rc.d/rc0.d/K39clamd
>> /etc/rc.d/rc1.d/K39clamd
>> /etc/rc.d/rc2.d/S61clamd
>> /etc/rc.d/rc3.d/K39clamd
>> /etc/rc.d/rc4.d/S61clamd
>> /etc/rc.d/rc5.d/S61clamd
>> /etc/rc.d/rc6.d/K39clamd
>> /etc/cron.daily/freshclam
>> /etc/logrotate.d/freshclam
>> /etc/logrotate.d/clamav
>> /etc/freshclam.conf
>> /etc/clamav.conf
>> /usr/share/man/man1/clamscan.1.gz
>> /usr/share/man/man1/freshclam.1.gz
>> /usr/share/man/man1/clamdscan.1.gz
>> /usr/share/man/man5/freshclam.conf.5.gz
>> /usr/share/man/man5/clamav.conf.5.gz
>> /usr/share/man/man8/clamd.8.gz
>> /usr/sbin/clamd
>> /usr/bin/clamscan
>> /usr/bin/freshclam
>> /usr/bin/clamav-config
>> /usr/bin/clamdscan
>> /usr/include/clamav.h
>> /usr/lib/pkgconfig/libclamav.pc
>> /usr/lib/MailScanner/clamav-autoupdate
>> /usr/lib/MailScanner/clamav-wrapper
>> /usr/lib/libclamav.so.1
>> /usr/lib/libclamav.so.1.0.4
>> /usr/lib/libclamav.a
>> /usr/lib/libclamav.so
>> /usr/local/bin/freshclam (this is the symlink i created ->
>> /usr/bin/freshclam)
>>
>> I wonder why the wrapper script still works but the update doesn't.
>
> Are you trying to run the update on its own, and not just letting the
> update_virus_scanners cron job do it for you? If so, you need to put
> /usr/lib/MailScanner/clamav-autoupdate /usr

No, I goofed up and forgot to remove freshclam from cron. Normally I let MailScanner do the updating.

But I guess that freshclam being still in cron is not the reason why scanning will work from MS but updating fails?
My guess is that with the clamav rpm the clam binaries are found by mailscanner but the update script is in a different place than the tarball?

From MyBSD at comcast.net Fri Sep 3 13:04:59 2004
From: MyBSD at comcast.net (My BSD)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

Used Julian's excellent script to install MS v. 4.33.3 with SA v. 3.0.0-RC2.

Everything works except that the Bayes databases are not updated and the "autolearn=" field never appears in the "X-%org-name%-MailScanner-SpamCheck:" header (unless the "use_bayes" parameter is set to "0").

However, if a message is processed manually (spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf < [message] > [processed.message]) the databases are updated and the field appears (if it should).

The relevant Bayes configuration entries are:
use_bayes 1
bayes_path /var/spool/spamassassin/bayes
bayes_file_mode 0600
auto_whitelist_path /var/spool/spamassassin/auto-whitelist
auto_whitelist_file_mode 0600
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 10

Somehow, I believe that it has something to do with the SA.pm module and SA 3.

--
My
From martinh at SOLID-STATE-LOGIC.COM Fri Sep 3 13:09:12 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

Hi

check the ownership of the files. Are the Bayes files owned by the same user MS is running as??

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

My BSD wrote:
> Used Julian's excellent script to install MS v. 4.33.3 with SA v. 3.0.0-RC2.
>
> Everything works except that the Bayes databases are not updated and the
> "autolearn=" field never appears in the
> "X-%org-name%-MailScanner-SpamCheck:" header (unless the "use_bayes"
> parameter is set to "0".
>
> However, if a message is processed manually (spamassassin -p
> /opt/MailScanner/etc/spam.assassin.prefs.conf < [message] >
> [processed.message]) the databases are updated and the field appears (if
> it should).
>
> The relevant Bayes configuration entries are:
> use_bayes 1
> bayes_path /var/spool/spamassassin/bayes
> bayes_file_mode 0600
> auto_whitelist_path /var/spool/spamassassin/auto-whitelist
> auto_whitelist_file_mode 0600
> bayes_auto_learn 1
> bayes_auto_learn_threshold_nonspam 0.1
> bayes_auto_learn_threshold_spam 10
>
> Somehow, I believe that it has something to do with the SA.pm module and
> SA 3.
>

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From el.baby at gmail.com Fri Sep 3 13:16:20 2004
From: el.baby at gmail.com (Mariano Absatz)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

On Fri, 3 Sep 2004 11:36:33 +0100, Julian Field wrote:
> >I have just added a setting
> >
> >Remove These Headers
> >
> >so that you can specify a list of headers which you want removed from all
> >messages. This can of course be a ruleset so you could use it to delete all
> >x-mozilla-status and x-mozilla-status2 headers from incoming mail.
> >
> >A good use for it would be to automatically remove receipt requests from
> >any incoming mail, so you don't reveal information about your staff and who
> >is currently at work reading their mail.
>
> Apply this patch to your installation:
> cd /usr/lib/MailScanner/MailScanner
> patch < remove.headers.patch
> That will update your ConfigDefs.pl and Message.pm files.
> Then add this to your MailScanner.conf file:
>
> # If any of these headers are included in a a message, they will be deleted.
> # This is very useful for removing return-receipt requests and any headers
> # which mean special things to your email client application, such as
> # X-Mozilla-Status.
> # Each header should end in a ":", but MailScanner will add it if you forget.
> # Headers should be separated by commas or spaces.
> # This can also be the filename of a ruleset.
> Remove These Headers =
>
> This will all be included in the next release, but I thought I would post
> the patch for those who don't want to (or can't) wait for it.

Hey!!!

Is that GREAT TECH SUPPORT or what?
From request to implementation in a couple of days!!

Nice feature Julian... I do this from within ZMailer, but I didn't have rulesets...

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

From marcin.rozek at IOS.EDU.PL Fri Sep 3 13:33:54 2004
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

Mariano Absatz wrote:
> Hey!!!
>
> Is that GREAT TECH SUPPORT or what?
>
>>From request to implementation in a couple of days!!

Yeah... Julian is doing a great job! Thank you, Julian!
I'm going to patch my MS installation right now :)

Regards,
Marcin

From MyBSD at comcast.net Fri Sep 3 14:00:09 2004
From: MyBSD at comcast.net (My BSD)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

On 9/3/2004 at 1:09 PM Martin Hepworth wrote:

>Hi
>
>check the ownship of the files. Are the Bayes files owned by the same
>user MS is running as??
>
>
>--
>Martin Hepworth
>Senior Systems Administrator
>Solid State Logic Ltd
>tel: +44 (0)1865 842300
>
>
>My BSD wrote:
>
>> Used Julian's excellent script to install MS v. 4.33.3 with SA v.
>3.0.0-RC2.
>>
>> Everything works except that the Bayes databases are not updated and the
>> "autolearn=" field never appears in the
>> "X-%org-name%-MailScanner-SpamCheck:" header (unless the "use_bayes"
>> parameter is set to "0".
>>
>> However, if a message is processed manually (spamassassin -p
>> /opt/MailScanner/etc/spam.assassin.prefs.conf < [message] >
>> [processed.message]) the databases are updated and the field appears (if
>> it should).
>>
>> The relevant Bayes configuration entries are:
>> use_bayes 1
>> bayes_path /var/spool/spamassassin/bayes
>> bayes_file_mode 0600
>> auto_whitelist_path
>/var/spool/spamassassin/auto-whitelist
>> auto_whitelist_file_mode 0600
>> bayes_auto_learn 1
>> bayes_auto_learn_threshold_nonspam 0.1
>> bayes_auto_learn_threshold_spam 10
>>
>> Somehow, I believe that it has something to do with the SA.pm module and
>> SA 3.
>>
>
>--
>This message has been scanned for viruses and
>other dangerous content by MailScanner and is
>believed to be clean.

*********** REPLY SEPARATOR ***********

That was it, thank you Martin.
Now I get the following value for the autolearn field (which doesn't make sense because my nonspam learn treshold is 0.1):

"not spam, SpamAssassin (score=-2.642, required 5.1, autolearn=not spam, ALL_TRUSTED -2.82, NO_REAL_NAME 0.18)"

Any ideas?

--
My

From raymond at PROLOCATION.NET Fri Sep 3 14:03:24 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

Hi!

> That was it, thank you Martin.
>
> Now I get the following value for the autolearn field (which doesn't make
> sense because my nonspam learn treshold is 0.1):
>
> "not spam, SpamAssassin (score=-2.642, required 5.1, autolearn=not spam,
> ALL_TRUSTED -2.82, NO_REAL_NAME 0.18)"

Isnt 0.1 more then -2.642 ?

Bye,
Raymond.

From ryan at MARINOCRANE.COM Fri Sep 3 14:18:22 2004
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:26:46 2006
Subject: FW: New beta release of Vispan
Message-ID:

David,

The new version looks great on your website. Having trouble running it here though. When I try to run /usr/local/bin/Vispan it tells me that Vispan.conf is not found, yet there it is in /etc. Any ideas?

Thanks
Ryan

David While wrote:

>I have just released a beta version of Vispan. This version no longer
>uses MRTG but instead uses the GD graphics library.
>It provides historical stats over 10 minutes, hourly, monthly and
>yearly.
>
>It can be downloaded as usual from
>http://www.while.homeunix.net/mailstats/
>
>--------------------------------------------
>David While BSc CEng MBCS CITP
>Technical Development Manager
>Faculty of Computing, Information & English
>University of Central England
>Tel: 0121 331 6211
>--------------------------------------------
>

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 3 14:23:16 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

My BSD wrote:
>
> That was it, thank you Martin.
>
> Now I get the following value for the autolearn field (which doesn't make
> sense because my nonspam learn treshold is 0.1):
>
> "not spam, SpamAssassin (score=-2.642, required 5.1, autolearn=not spam,
> ALL_TRUSTED -2.82, NO_REAL_NAME 0.18)"
>
> Any ideas?
>
> --
> My

My

that's a score of -2.642 which is below 0.1 so it's autolearned as ham..

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From rvitoria at CI.UCP.PT Fri Sep 3 14:33:35 2004
From: rvitoria at CI.UCP.PT (Rui Vitoria)
Date: Thu Jan 12 21:26:46 2006
Subject: mailscanner defunct
Message-ID:

Mr Julian

I`m sorry my poor ingles, i installed the stable version 4.33.3.1 and i`ve the same problem with this error (mailscanner defunct).

My system configuration
RedHat 7.2
Mailscanner 4-33.3.1
Spamassassin 6.23

From dustin.baer at IHS.COM Fri Sep 3 14:41:50 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:46 2006
Subject: whitelisting not working with "always report"?
Message-ID:

Kai Schaetzl wrote:

>Dustin Baer wrote:
>
>
>>Adding an address to spam.whitelist.rules will still be checked for
>>spam, just not quarantined if above minimum score, and thus still give
>>you a report.
>>
>This is not how I understood the "Is Definitely Not Spam" option. It
>doesn't make any sense to me to scan a message where I know already before
>doing it that it's not spam. What for should I scan it?
>

Perhaps to see what is being hit upon by SpamAssassin, not be marked as {Spam?}, and be delivered, all by using one rule entry, rather than three.

Our marketing department sends HTML email to customers. When they (marketing) test their emails, they send them through our server, which will give a SpamAssassin score. Since I have them in spam.whitelist.rules, but not in SpamChecks.rules, then they can see what their score is and what is triggering the score, even if it above the normal quarantine threshold.

>There's the SA
>whitelisting which adds -100 if someone really wants to scan all messages.
>

Okay. I don't use it, since I set everything in MailScanner. No sense in trying to figure out where I have things set, if I can do it all in one place.

>Adding another whitelisting in MS doesn't make any sense unless it avoids
>the scanning phase.
>

Depends on what you want.

>That's also what the comments in the MailScanner.conf
>file suggest to me and what I know from experience with milters.
>

There are two different points:

1. spam.whitelist.rules = "*never* be marked as spam," whether checks are done, or not
2. Spam Checks = check for spam, or don't check for spam

It is a bit confusing, and I had the same situation as you a long time ago, but once I figured what option does what, I was satisfied with what is happening and even like the fact that I can see a high spam score, but still have an address whitelisted.

Dustin

--
Dustin Baer
Transport Extranet Network Services
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836
From mailscanner at ecs.soton.ac.uk Fri Sep 3 14:45:07 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: mailscanner defunct
Message-ID:

At 14:33 03/09/2004, you wrote:
>Mr Julian
>
>I`m sorry my poor ingles, i installed the stable version 4.33.3.1 and i`ve
>the same problem with this error (mailscanner defunct).

Have you checked your maillog for any reported errors from MailScanner?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From t.d.lee at DURHAM.AC.UK Fri Sep 3 15:07:26 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:46 2006
Subject: silent fail: suggestion for fix
Message-ID:

I've just spent a little time head-scratching a "silent fail" type of problem with MailScanner.

When "MailScanner.conf" includes "clamavmodule" in its "Virus Scanners", but the perl installation doesn't actually have "clamavmodule", MS silently fails. There is no indication of failure on the command line, and the syslog file simply contains multiple lines "MailScanner E-Mail Virus Scanner version 4.33.3 starting...". The only other hints are that there is only one MailScanner process (instead of building up towards the usual 5+) and that nothing gets removed from the incoming queue.

Ultimately, I put MS into Debug mode. That revealed the problem:

   Can't locate Mail/ClamAV.pm in @INC (...) at ... SweepViruses.pm line 413.

It would be nice if this could be revealed in normal mode for the average user, not requiring head-scratching and Debug mode.
In "sub InitialiseClam { }", could the "require Mail::ClamAV;" be adjusted to print out (syslog?) any failure that occurs?

Incidentally, a little lower "sub InitialiseSAVI { }" has an apparently similarly unguarded "require SAVI;".

Hope that helps. Julian: if you produce a patch (or suggest an idea to me), I'd be happy to test it.

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From rvitoria at CI.UCP.PT Fri Sep 3 15:12:20 2004
From: rvitoria at CI.UCP.PT (Rui Vitoria)
Date: Thu Jan 12 21:26:46 2006
Subject: mailscanner defunct
Message-ID:

the only possible error i found in my maillog.

Sep 1 19:06:40 fagote MailScanner[15764]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...

Sep 1 19:06:50 fagote MailScanner[15778]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...

I don't no why the mailscanner restarted every 10 second

Thank you

From bovati at MONDADORI.COM Fri Sep 3 15:14:26 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:46 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

hi all,

sorry for reposting the same question, it seems that nobody ever had this problem.

I received an infected email by W32/Mabutu.a@MM!zip (the local antivirus found it).
If I forward this email, MailScanner say it is clean.
Is it the normal behavior of a forwarded infected email? I think no but I can't see where is the problem.

I have the pair of df and qf sendmail's that I could send to who is interested to the question.

thanks,
Mirko

On Wednesday 01 September 2004 15:45, you wrote:
> hi all,
>
> sometime we receive emails with an attach (document.zip) that mailscanner
> "Found to be clean" while the local antivirus finds a W32/Mabutu.a@MM!zip.
>
> Strange behavior:
> 1) We forward the vired email and mailscanner still "Found to be clean".
> 2) We save the attached file, we send a new email and attach the previous
> saved file (document.zip) then Mailscanner finds a W32/Mabutu.a@MM!zip
>
>
> Any clue?
> Thanks.
> Mirko Bovati
>
>
> on one installation:
> mailscanner-4.12-2
> AS2.1
> sendmail-8.11.6-28.72
> uvscan v4.3.20
>
> on another installation:
> mailscanner-4.32.5-1
> AS2.1
> sendmail-8.11.6-28.72
> uvscan v4.3.20
>

From MyBSD at comcast.net Fri Sep 3 15:26:45 2004
From: MyBSD at comcast.net (My BSD)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes databases not updated and autolearn field missing from SpamCheck header
Message-ID:

On 9/3/2004 at 3:03 PM Raymond Dijkxhoorn wrote:

>Hi!
>
>> That was it, thank you Martin.
>>
>> Now I get the following value for the autolearn field (which doesn't make
>> sense because my nonspam learn treshold is 0.1):
>>
>> "not spam, SpamAssassin (score=-2.642, required 5.1, autolearn=not spam,
>> ALL_TRUSTED -2.82, NO_REAL_NAME 0.18)"
>
>Isnt 0.1 more then -2.642 ?
>
>Bye,
>Raymond.
>

*********** REPLY SEPARATOR ***********

I guess I missed the minus sign. New glasses are in order!
Thank you Raymond (and Martin).

--
My

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 3 15:28:11 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

Mirko

do these scanners recognise the virus is called from the command line on the MS computer??

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

Mirko Bovati wrote:
> hi all,
>
> sorry for reposting the same question, it seems that nobody ever had
> this problem.
>
> I received an infected email by W32/Mabutu.a@MM!zip (the local antivirus found
> it).
> If I forward this email, MailScanner say it is clean.
> Is it the normal behavior of a forwarded infected email? I think no but I
> can't see where is the problem.
>
> I have the pair of df and qf sendmail's that I could send to who is interested
> to the question.
>
> thanks,
> Mirko
>
> On Wednesday 01 September 2004 15:45, you wrote:
>
>>hi all,
>>
>>sometime we receive emails with an attach (document.zip) that mailscanner
>>"Found to be clean" while the local antivirus finds a W32/Mabutu.a@MM!zip.
>>
>>Strange behavior:
>>1) We forward the vired email and mailscanner still "Found to be clean".
>>2) We save the attached file, we send a new email and attach the previous
>>saved file (document.zip) then Mailscanner finds a W32/Mabutu.a@MM!zip
>>
>>
>>Any clue?
>>Thanks.
>>Mirko Bovati
>>
>>
>>on one installation:
>>mailscanner-4.12-2
>>AS2.1
>>sendmail-8.11.6-28.72
>>uvscan v4.3.20
>>
>>on another installation:
>>mailscanner-4.32.5-1
>>AS2.1
>>sendmail-8.11.6-28.72
>>uvscan v4.3.20
>>

From ssilva at SGVWATER.COM Fri Sep 3 16:09:31 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:46 2006
Subject: X-Mozilla-Status
Message-ID:

Julian Field wrote:
> At 11:21 03/09/2004, you wrote:
>
>> At 10:44 03/09/2004, you wrote:
>>
>>> Martin Sapsed wrote:
>>>
>>>>>> Unfortunately, some spammers puts these two headers into spam:
>>>>>> X-Mozilla-Status:
>>>>>> X-Mozilla-Status2:
>>>>>> Can mailscanner remove those two headers from all
>>>>>> processed e-mails?
>>>>
>>>> Unless I'm much mistaken that's a job for your MTA - sendmail, postfix
>>>> or whatever...?
>>>
>>> I'm using sendmail. I've search on google and i did find nothing that
>>> could help
>>> solving my problem.
>>> I see that MIMEDefang is able to remove headers:
>>>
>>> action_delete_header($hdr, $index) - Deletes an existing header in the
>>> message.
>>> This can be used in filter_begin or filter_end. The $hdr parameter is
>>> the
>>> header
>>> name without the colon.
>>> The $index parameter is optional; it defaults to
>>> 1. If
>>> you supply it, then the $index'th occurrence of the header is
>>> deleted, if
>>> there
>>> is more than one header with the same name.
>>>
>>> But does installing MIMEDefang only to remove 2 headers make sense?
>>
>>
>> I have just added a setting
>>
>> Remove These Headers
>>
>> so that you can specify a list of headers which you want removed from all
>> messages. This can of course be a ruleset so you could use it to
>> delete all
>> x-mozilla-status and x-mozilla-status2 headers from incoming mail.
>>
>> A good use for it would be to automatically remove receipt requests from
>> any incoming mail, so you don't reveal information about your staff
>> and who
>> is currently at work reading their mail.
>
>
> Apply this patch to your installation:
> cd /usr/lib/MailScanner/MailScanner
> patch < remove.headers.patch
> That will update your ConfigDefs.pl and Message.pm files.
> Then add this to your MailScanner.conf file:
>
> # If any of these headers are included in a a message, they will be
> deleted.
> # This is very useful for removing return-receipt requests and any headers
> # which mean special things to your email client application, such as
> # X-Mozilla-Status.
> # Each header should end in a ":", but MailScanner will add it if you
> forget.
> # Headers should be separated by commas or spaces.
> # This can also be the filename of a ruleset.
> Remove These Headers =
>
> This will all be included in the next release, but I thought I would post
> the patch for those who don't want to (or can't) wait for it.

Like they say in all the movies:

"You da man!!!"
From mailscanner at ecs.soton.ac.uk Fri Sep 3 16:23:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: silent fail: suggestion for fix
Message-ID:

Well found. Your suggestion is a very good one.

Please find attached a patch that will hopefully solve the problem for both ClamAV and SAVI.

At 15:07 03/09/2004, you wrote:
>When "MailScanner.conf" includes "clamavmodule" in its "Virus Scanners",
>but the perl installation doesn't actually have "clamavmodule", MS
>silently fails. There is no indication of failure on the command line,
>and the syslog file simply contains multiple lines "MailScanner E-Mail
>Virus Scanner version 4.33.3 starting...". The only other hints are that
>there is only one MailScanner process (instead of building up towards the
>usual 5+) and that nothing gets removed from the incoming queue.
>
>It would be nice if this could be revealed in normal mode for the average
>user, not requiring head-scratching and Debug mode.
>
>Incidentally, a little lower "sub InitialiseSAVI { }" has an apparently
>similarly unguarded "require SAVI;".

    [ Part 2, Application/OCTET-STREAM (Name: ]
    [ "SweepViruses.require.patch") 1KB. ]
    [ Unable to print this part. ]

    [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From bovati at MONDADORI.COM Fri Sep 3 16:23:56 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:46 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Friday 03 September 2004 16:28, you wrote:
> Mirko
>
> do these scanners recognise the virus is called from the command line on
> the MS computer??

hi Martin,

The local antivirus who finds the virus is VisusScan 7.0 on a MS computer.
VirusScan doesn't clean the email. I forward the infected email (and MailScanner say it is clean) and the recipient again find it is infected.

But, on another way, if I after receiving the infected email, I save the attach (i.e. the virus) and I send a new email with the saved attach attached, the MailScanner find the virus.

I don't know if I answered your question.

mirko

>
>
> --
> Martin Hepworth
> Senior Systems Administrator
> Solid State Logic Ltd
> tel: +44 (0)1865 842300
>
> Mirko Bovati wrote:
> > hi all,
> >
> > sorry for reposting the same question, it seems that nobody ever had
> > this problem.
> >
> > I received an infected email by W32/Mabutu.a@MM!zip (the local antivirus
> > found it).
> > If I forward this email, MailScanner say it is clean.
> > Is it the normal behavior of a forwarded infected email? I think no but I
> > can't see where is the problem.
> >
> > I have the pair of df and qf sendmail's that I could send to who is
> > interested to the question.
> >
> > thanks,
> > Mirko
From martinh at SOLID-STATE-LOGIC.COM Fri Sep 3 16:24:47 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes error
Message-ID:

Carinus Carelse wrote:
> When I try to run the lint test I get this error?
>
> Carinus
>
>
> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
> 0.05232
> debug: bayes: no dbs present, cannot scan:
> /var/spool/MailScanner/spamassassin_toks 1.32378
> debug: Score set 1 chosen. 0.0005
> debug: Initialising learner 0.00027
> debug: bayes: no dbs present, cannot scan: /var/spool/MailScanner/spamassassin

Is there a bayes DB in /var/spool/MailScanner/spamassassin ???

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 3 16:29:46 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:46 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

Mirko Bovati wrote:
> On Friday 03 September 2004 16:28, you wrote:
>
>>Mirko
>>
>>do these scanners recognise the virus is called from the command line on
>>the MS computer??
>
> hi Martin,
>
> The local antivirus who finds the virus is VisusScan 7.0 on a MS computer.
> VirusScan doesn't clean the email. I forward the infected email (and
> MailScanner say it is clean) and the recipient again find it is infected.
>
> But, on another way, if I after receiving the infected email, I save the
> attach (i.e. the virus) and I send a new email with the saved attach
> attached, the MailScanner find the virus.
>
> I don't know if I answered your question.
>
> mirko
>
>>
>

Mirko

OK are you keeping archive copies of the mails? If so what happens if you run the virus scanner on the infected message it misses - ie run the virus outside of MS control, from the command line, on the infected message.

That way you'll know if there's something wrong with MS or the virus scanner..

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

From carinus.carelse at MRC.AC.ZA Fri Sep 3 16:33:45 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:46 2006
Subject: Bayes error
Message-ID:

When I try to run the lint test I get this error?

Carinus

debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.05232
debug: bayes: no dbs present, cannot scan: /var/spool/MailScanner/spamassassin_toks 1.32378
debug: Score set 1 chosen. 0.0005
debug: Initialising learner 0.00027
debug: bayes: no dbs present, cannot scan: /var/spool/MailScanner/spamassassin

From carinus.carelse at MRC.AC.ZA Fri Sep 3 16:37:22 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:46 2006
Subject: bayes Error repost
Message-ID:

Sori it did not come out fully.

Carinus

debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.05232
debug: bayes: no dbs present, cannot scan: /var/spool/MailScanner/spamassassin_toks 1.32378
debug: Score set 1 chosen. 0.0005
debug: Initialising learner 0.00027
debug: bayes: no dbs present, cannot scan: /var/spool/MailScanner/spamassassin_toks
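
Added example, not part of the list messages or of MailScanner: the two checks suggested in the Bayes threads above (is there a Bayes DB at the configured path, and is it owned by the user MailScanner runs as) written as a POSIX shell script. The function names and the throwaway demo directory are assumptions of this example; the "_toks" and "_seen" suffixes are what SpamAssassin appends to bayes_path.

```shell
#!/bin/sh
# Added example: verify that the SpamAssassin Bayes files exist and belong
# to the user MailScanner runs as. Function names are hypothetical.

# Print the bayes_path setting from a SpamAssassin prefs file.
# The value is a filename prefix; if the option is repeated, the last wins.
bayes_path_from_prefs() {
    awk '$1 == "bayes_path" { p = $2 } END { if (p != "") print p }' "$1"
}

# Print the owner (name, or numeric uid if unnamed) of a file.
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_bayes PREFS_FILE RUN_AS_USER
# Prints one finding per database file; returns 0 only if every file
# exists and is owned by RUN_AS_USER.
check_bayes() {
    prefs=$1
    want=$2
    rc=0
    prefix=$(bayes_path_from_prefs "$prefs")
    if [ -z "$prefix" ]; then
        echo "NO_BAYES_PATH $prefs"
        return 1
    fi
    for suffix in _toks _seen; do
        f="${prefix}${suffix}"
        if [ ! -e "$f" ]; then
            # This is the "no dbs present, cannot scan" case.
            echo "MISSING $f"
            rc=1
        elif [ "$(owner_of "$f")" != "$want" ]; then
            # With bayes_file_mode 0600 only the owner can update the files.
            echo "WRONG_OWNER $f owner=$(owner_of "$f") want=$want"
            rc=1
        else
            echo "OK $f"
        fi
    done
    return $rc
}

# Constructed demonstration: a temporary prefs file whose bayes_path points
# into a temporary directory, checked before and after the files exist.
demo() {
    d=$(mktemp -d) || return 0
    printf 'use_bayes 1\nbayes_path %s/bayes\nbayes_file_mode 0600\n' "$d" \
        > "$d/prefs.conf"
    me=$(owner_of "$d")
    echo "-- before any database exists"
    check_bayes "$d/prefs.conf" "$me" || true
    : > "$d/bayes_toks"
    : > "$d/bayes_seen"
    echo "-- after creating the files as $me"
    check_bayes "$d/prefs.conf" "$me" || true
    rm -rf "$d"
    return 0
}
demo
```

On a real host the call would be check_bayes with the prefs file named in the debug output and the account MailScanner runs under.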

From max at KIPNESS.COM Fri Sep 3 16:39:08 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

I'm not sure what caused it. The only thing I think of is that I hit ctrl-c when I got tired of waiting for a long rebuilding of the alias file with newaliases command. Now everytime I rebuild it takes at least 1 minute. I never noticed this before.
 
I have over 340 messages in mqueue.in so I guess this means that MailScanner is not processing? I see no errors in the maillog.
 
Can someone give me some pointers on how to troubleshoot what the problem might be as mail is being held up for several domains right now!
 
Thanks,
Max

From mike at CAMAROSS.NET Fri Sep 3 16:56:19 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness
Sent: Friday, September 03, 2004 10:39 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Mail stuck in mqueue.in, help!

I'm not sure what caused it. The only thing I think of is that I hit ctrl-c when I got tired of waiting for a long rebuilding of the alias file with newaliases command. Now everytime I rebuild it takes at least 1 minute. I never noticed this before.

I have over 340 messages in mqueue.in so I guess this means that MailScanner is not processing? I see no errors in the maillog.

Can someone give me some pointers on how to troubleshoot what the problem might be as mail is being held up for several domains right now!

Thanks,
Max

Your alias file is that big? I think I'd try stopping MailScanner, deleting your aliases.db and rebuild it and then start MailScanner. I'd be interested to see some log entries...particularly those that show up immediately upon starting MailScanner. Do you see any lines that mention your aliases file?

Mike

From mynamewasgone at gmail.com Fri Sep 3 16:58:12 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

----- Original Message -----
From: Max Kipness
Date: Fri, 3 Sep 2004 10:39:08 -0500
Subject: Mail stuck in mqueue.in, help!
To: mailscanner@jiscmail.ac.uk

Can someone give me some pointers on how to troubleshoot what the problem might be as mail is being held up for several domains right now!

You might start by looking in your maillog? Shutdown MailScanner and your mta, run tail on it and see what happens when you start it up.

From mailscanner at ecs.soton.ac.uk Fri Sep 3 17:01:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

At 16:39 03/09/2004, you wrote:
>I'm not sure what caused it. The only thing I think of is that I hit
>ctrl-c when I got tired of waiting for a long rebuilding of the alias file
>with newaliases command. Now everytime I rebuild it takes at least 1
>minute. I never noticed this before.
>
>I have over 340 messages in mqueue.in so I guess this means that
>MailScanner is not processing? I see no errors in the maillog.
>
>Can someone give me some pointers on how to troubleshoot what the problem
>might be as mail is being held up for several domains right now!

Please read the troubleshooting section of the MAQ. The location of the MAQ is below.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
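
Added example, not from the list or the MailScanner distribution: a shell triage of the maillog along the lines suggested in this thread, using the MailScanner log line formats quoted elsewhere in this archive. The function name, the verdict labels and the rule that compares the number of start-up lines with the Max Children value are assumptions of this example, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise MailScanner activity in a maillog so that
# "children starting but never scanning" stands out from normal start-up.

# summarise_maillog FILE MAX_CHILDREN
# Prints: starts=N batches=N delivered=N verdict=LABEL
summarise_maillog() {
    awk -v max="$2" '
        # Only look at lines logged by a MailScanner process.
        match($0, /MailScanner\[[0-9]+\]: /) {
            msg = substr($0, RSTART + RLENGTH)
            if (msg ~ /^MailScanner E-Mail Virus Scanner version .* starting\.\.\./)
                starts++
            else if (msg ~ /^New Batch: Scanning /)
                batches++
            else if (msg ~ /^Uninfected: Delivered /)
                delivered++
        }
        END {
            if (starts + batches == 0)
                verdict = "no-mailscanner-lines"
            else if (batches > 0)
                verdict = "ok"
            else if (starts > max + 0)
                # Assumed rule: more start-ups than Max Children with no
                # batch ever scanned suggests children dying at start-up.
                verdict = "respawning-without-scanning"
            else
                verdict = "started-no-batches-yet"
            printf "starts=%d batches=%d delivered=%d verdict=%s\n",
                   starts, batches, delivered, verdict
        }
    ' "$1"
}

# Constructed sample: seven start-up lines ten seconds apart, no batches.
demo() {
    log=$(mktemp) || return 0
    cat > "$log" <<'EOF'
Sep  3 10:00:00 mx1 sendmail[2001]: constructed line from another daemon
Sep  3 10:00:10 mx1 MailScanner[3001]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:00:20 mx1 MailScanner[3009]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:00:30 mx1 MailScanner[3017]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:00:40 mx1 MailScanner[3025]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:00:50 mx1 MailScanner[3033]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:01:00 mx1 MailScanner[3041]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep  3 10:01:10 mx1 MailScanner[3049]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
EOF
    summarise_maillog "$log" 5
    rm -f "$log"
}
demo
```

A verdict other than "ok" while messages sit in the incoming queue is the cue to run MailScanner in Debug mode, which is how the missing Perl module was found in the "silent fail" thread.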
From t.d.lee at DURHAM.AC.UK Fri Sep 3 17:27:44 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:46 2006
Subject: silent fail: suggestion for fix
Message-ID:

On Fri, 3 Sep 2004, Julian Field wrote:

> Well found. Your suggestion is a very good one.
>
> Please find attached a patch that will hopefully solve the problem for both
> ClamAV and SAVI.

Seems good (Solaris 8, perl 5.005_03) and syslogs the appropriate message.

Many thanks.

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From mike at PELLEYS.COM Fri Sep 3 17:42:43 2004
From: mike at PELLEYS.COM (Mike Pelley)
Date: Thu Jan 12 21:26:46 2006
Subject: MailScanner not scanning...
Message-ID:

Hi All.

I'm in the process of tearing my hair out. The installation is on a fresh Fedora Core 2 system running Postfix 2.8.18-4 with MailScanner 4.33.3-1. MailScanner was installed via the RPM.

I've gone through the configuration over and over and I can't figure out what is missing. The mail DOES go through, but it seems that there is no scanning at all occurring. I've configured it to use McAfee as the antivirus agent, but the EICAR files go through without being tagged as infected. McAfee via the command line does find the viruses.

I have this running on an older Red Hat 8 server with Postfix and I get the messages in the /var/log/maillog file such as:

Sep 3 14:07:20 sparta MailScanner[8648]: New Batch: Scanning 1 messages, 5194 bytes
Sep 3 14:07:20 sparta MailScanner[8648]: Virus and Content Scanning: Starting
Sep 3 14:07:21 sparta MailScanner[8648]: Uninfected: Delivered 1 messages

However, I don't see anything like this on the new box.

Anyone have any ideas what is happening?

Thanks,
Mike

From dustin.baer at IHS.COM Fri Sep 3 17:45:49 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:46 2006
Subject: mailscanner defunct
Message-ID:

Rui Vitoria wrote:

>the only possible error i found in my maillog.
>
>
>Sep 1 19:06:40 fagote MailScanner[15764]: MailScanner E-Mail Virus
>Scanner version 4.33.3 starting...
>
>Sep 1 19:06:50 fagote MailScanner[15778]: MailScanner E-Mail Virus
>Scanner version 4.33.3 starting...
>
>I don't know why the mailscanner restarted every 10 seconds
>

Rui,

It isn't restarting. It is starting however many you have set in "Max Children ="

Dustin

From max at KIPNESS.COM Fri Sep 3 17:49:35 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

>Can someone give me some pointers on how to troubleshoot what
>the problem might be as mail is being held up for several
>domains right now!
>
>You might start by looking in your maillog? Shutdown
>MailScanner and your mta, run tail on it and see what happens
>when you start it up.

I deleted and rebuilt the aliases file. It still takes a while with newaliases.

time newaliases
/etc/aliases: 74 aliases, longest 77 bytes, 1280 bytes total

real 0m45.089s
user 0m0.047s
sys 0m0.006s

Ok if I shutdown MailScanner, then start back up I do get a message about /etc/aliases being rebuilt by root, and then I get this in the maillog:

Sep 3 11:34:28 manhattan MailScanner[1815]: New Batch: Found 523 messages waiting
Sep 3 11:34:28 manhattan MailScanner[1815]: New Batch: Scanning 30 messages, 306400 bytes

This message never comes up again, like it's not trying again...strange.

Nothing else unusual that I see in the logs.

I'm looking at the MAQ now.

Any other suggestions?

Thanks,
Max

From max at KIPNESS.COM Fri Sep 3 17:58:49 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:46 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

>
>>Can someone give me some pointers on how to troubleshoot what the
>>problem might be as mail is being held up for several domains right
>>now!
>>
>>You might start by looking in your maillog? Shutdown MailScanner and
>>your mta, run tail on it and see what happens when you start it up.
>
>I deleted and rebuilt the aliases file. It still takes a while
>with newaliases.
>
>time newaliases
>/etc/aliases: 74 aliases, longest 77 bytes, 1280 bytes total
>
>real 0m45.089s
>user 0m0.047s
>sys 0m0.006s
>
>Ok if I shutdown MailScanner, then start back up I do get a
>message about /etc/aliases being rebuilt by root, and then I
>get this in the maillog:
>
>Sep 3 11:34:28 manhattan MailScanner[1815]: New Batch: Found
>523 messages waiting Sep 3 11:34:28 manhattan
>MailScanner[1815]: New Batch: Scanning 30 messages, 306400 bytes
>
>This message never comes up again, like it's not trying
>again...strange.
>
>Nothing else unusual that I see in the logs.
>
>I'm looking at the MAQ now.
>
>Any other suggestions?

Another interesting tidbit is that every time I restart the MailScanner service, a few emails are scanned and delivered.

Max

From ml at NETGROUPES.CA Fri Sep 3 18:11:13 2004
From: ml at NETGROUPES.CA (Mailing List)
Date: Thu Jan 12 21:26:46 2006
Subject: PostFix Transport (2 destination or more for a domain)
Message-ID:

When using PostFix (With MailScanner) is it possible in the TransportFile to tell that for mycompany.com there are 2 SMTP servers that could be contacted?

We must redirect eMails to an ISP who has several mx, but sometimes some of those mx (mail servers) won't answer because they use some kind of Load Balancing solution.

Then some mail could be delayed if spooled at our hand, and if PostFix allows something like

Domain.com ip address (or mail.isp.com) ; second ipaddress (or mail2.isp.com)

Thanks

The Goal is that we don't want eMail to be spooled here if the mail server we're relaying eMails to is in maintenance...

From leen at WIREHUB.NL Fri Sep 3 18:20:25 2004
From: leen at WIREHUB.NL (Leen Besselink)
Date: Thu Jan 12 21:26:46 2006
Subject: PostFix Transport (2 destination or more for a domain)
Message-ID:

> Then some mail could be delayed if spooled at our hand, and if PostFix
> allow something like
>
> Domain.com ip address (or mail.isp.com) ; second ipaddress (or
> mail2.isp.com)

the character you're looking for is the comma ( ',' ), for example in the transport map:

domain.com smtp:mx1.domain.com,smtp:mx2.domain.com

(just in case I'm wrong, I suggest you test it)

From rzewnickie at RFA.ORG Fri Sep 3 18:21:13 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: [novalug] Spamassasin on a mail gateway
Message-ID:

On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> Chris Gordon wrote:
> >In my normal uses of SpamAssassin, I call it via procmail to filter the
> >mail. This works great when the MTA running SA is the one doing local
> >delivery. The problem I have is I want to be able to filter with SA on
> >a server running as a mail gateway.
> >The scenario is that I am building a server to sit receive mail from the
> >public internet (the host where the various MX records point). This
> >server will then forward all mail on to another server that end users
> >will use to read their mail -- no local delivery.
> >The question is, how can I have the gateway server run the mail through
> >SA before forwarding it on?
> >I'm planning to use sendmail on the gateway server. The "internal" box
> >is running that other OS with some proprietary webmail system. I have
> >plans to replace it, too, but that is down the road yet.
> >Thanks,
> >Chris
> What you probably need is AMaViS (A Mail Virus Scanner) which is a mail
> scanner that uses other third-party software to scan your mail for spam
> and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> antivirus. All my daemons run in chroot jails.
>
> The following links should be useful.
>
> http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> performance daemon)
> http://www.oddquad.org/linux/anti-spam.html
> http://www.amavis.org/howto/
>
> If you decide to also run ClamAV in chroot, this howto I wrote might
> also be useful.
>
> https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOWTO
>
> Let me know if you run into any snags (most of my experience is with
> Postfix though).
>
> Good luck!

Amavisd is a good solution to your problem. We used it here with McAfee's uvscan for a year before we switched to MailScanner:

http://mailscanner.info

We've been using mailscanner for over a year now and have been extremely pleased with it.

The main difference is that amavisd runs as a daemon and talks to your MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it can only process messages one at a time. In contrast MailScanner is typically installed to run in between 2 instances of the MTA. For instance, in our setup we have one postfix instance called postfix.in that is configured to accept incoming mail and simply place it in the deferred queue. MailScanner picks up the mail from there in batches.
When it is finished doing its jobs it moves the mail to the incoming queue of a second postfix instance which then handles the job of either passing off to the local delivery agent or sending it on to some other mail host on the internet.

The batch processing is key. Since it is processing in batches it calls your virus scanners and SpamAssassin only once for each batch. So, each invocation of these external programs handles numerous messages, where in an amavisd set up each message requires a new instance of spamassassin and a new instance of viruscanner-foo. (of course amavis can work with daemonized versions of these, but that, too has overhead) In my experience and that of those loyal to MailScanner this approach has significant performance benefits.

Additional performance is gained because rather than using spamassassin as an external spamd and spamc pair as in a typical procmail called spamassassin config, MailScanner uses spamassassin as a perl library. All the spamassassin code runs within the MailScanner process. This approach is also used for several virus scanners, notably sophos and the opensource clamav.

Since MailScanner is picking up email through the file system, if it finds that it doesn't need to do anything to a particular message it doesn't even need to make a copy of it! It simply makes a hard link in the incoming queue of the outgoing MTA and removes the original link. Wietse Venema, the author of postfix, takes exception to this approach and therefore does not support mailscanner's use with postfix. Nonetheless, MailScanner and Postfix work very well together. People in the other MTA projects, sendmail, exim, etc, have no problem with MailScanner, afaik, and have on occasion worked with Julian, the MS[1] author, to resolve issues.

On top of all that, MailScanner is an extremely flexible tool for implementing an organization's email policy.
The mailing list is very active with a great many helpful people, a number of whom do little else beside manage very large email systems (i.e. many millions of messages per day handled by sizeable server farms dedicated to the task). There are also numerous admins on the list using MailScanner as a frontend scanner that passes mail off to whatever corporate beast handles the delivery and users' pop/imap access (i.e. exchange, lotusnotes, whatever). Julian is active on the list as well. Often he responds to bug reports or feature requests with new code within several days, and occasionally within hours.

If NoVaLUG is interested in a presentation on MailScanner, I bet Steve Swaney would be willing to go out to Chantilly. Steve runs Fortress Systems, a DC company that sells support for MailScanner and employs Julian as CTO:

http://www.fsl.com/

Steve presented MailScanner at DCLUG last summer. We made the switch here at RFA soon after that. Contact info is here:

http://www.fsl.com/company/contact.html

If you would like to know anything else about MailScanner, I'm more than willing to answer any questions here on the list. You could also check the mailscanner list archives. I set out to say more, but have forgotten some more points I meant to make. In short, I can't say enough good things about this project.

-Eric Rz.

1. I get particular pleasure out of reclaiming this particular 2-letter acronym. :-D

From rzewnickie at RFA.ORG Fri Sep 3 18:29:07 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: [novalug] Spamassasin on a mail gateway
Message-ID:

I cc'ed the mailscanner list on this because I wanted Julian to see the praise and Steve to see the opportunity to present. NovaLUG has been looking for meeting topics recently. I also wanted the list to check my facts for me and point out any errors or omissions.

Thanks all, and Julian in particular. :)

-Eric Rz.

On Fri, Sep 03, 2004 at 01:21:13PM -0400, Eric Dantan Rzewnicki wrote:
> On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> > Chris Gordon wrote:
> > >In my normal uses of SpamAssassin, I call it via procmail to filter the
> > >mail. This works great when the MTA running SA is the one doing local
> > >delivery. The problem I have is I want to be able to filter with SA on
> > >a server running as a mail gateway.
> > >The scenario is that I am building a server to sit receive mail from the
> > >public internet (the host where the various MX records point). This
> > >server will then forward all mail on to another server that end users
> > >will use to read their mail -- no local delivery.
> > >The question is, how can I have the gateway server run the mail through
> > >SA before forwarding it on?
> > >I'm planning to use sendmail on the gateway server. The "internal" box
> > >is running that other OS with some proprietary webmail system. I have
> > >plans to replace it, too, but that is down the road yet.
> > >Thanks,
> > >Chris
> > What you probably need is AMaViS (A Mail Virus Scanner) which is a mail
> > scanner that uses other third-party software to scan your mail for spam
> > and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> > SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> > antivirus. All my daemons run in chroot jails.
> >
> > The following links should be useful.
> >
> > http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> > performance daemon)
> > http://www.oddquad.org/linux/anti-spam.html
> > http://www.amavis.org/howto/
> >
> > If you decide to also run ClamAV in chroot, this howto I wrote might
> > also be useful.
> >
> > https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOWTO
> >
> > Let me know if you run into any snags (most of my experience is with
> > Postfix though).
> >
> > Good luck!
>
> Amavisd is a good solution to your problem. We used it here with
> McAfee's uvscan for a year before we switched to MailScanner:
>
> http://mailscanner.info
>
> We've been using mailscanner for over a year now and have been
> extremely pleased with it.
>
> The main difference is that amavisd runs as a daemon and talks to your
> MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it
> can only process messages one at a time. In contrast MailScanner is
> typically installed to run in between 2 instances of the MTA. For
> instance, in our setup we have one postfix instance called postfix.in
> that is configured to accept incoming mail and simply place it in the
> deferred queue. MailScanner picks up the mail from there in batches.
> When it is finished doing its jobs it moves the mail to the incoming
> queue of a second postfix instance which then handles the job of either
> passing off to the local delivery agent or sending it on to some other
> mail host on the internet.
>
> The batch processing is key. Since it is processing in batches it calls
> your virus scanners and SpamAssassin only once for each batch. So, each
> invocation of these external programs handles numerous messages, where
> in an amavisd set up each message requires a new instance of
> spamassassin and a new instance of viruscanner-foo.
> (of course amavis
> can work with daemonized versions of these, but that, too has overhead)
> In my experience and that of those loyal to MailScanner this approach
> has significant performance benefits.
>
> Additional performance is gained because rather than using spamassassin
> as an external spamd and spamc pair as in a typical procmail called
> spamassassin config, MailScanner uses spamassassin as a perl library. All
> the spamassassin code runs within the MailScanner process. This
> approach is also used for several virus scanners, notably sophos and
> the opensource clamav.
>
> Since MailScanner is picking up email through the file system, if it
> finds that it doesn't need to do anything to a particular message it
> doesn't even need to make a copy of it! It simply makes a hard link in
> the incoming queue of the outgoing MTA and removes the original link.
> Wietse Venema, the author of postfix, takes exception to this approach
> and therefore does not support mailscanner's use with postfix.
> Nonetheless, MailScanner and Postfix work very well together. People in
> the other MTA projects, sendmail, exim, etc, have no problem with
> MailScanner, afaik, and have on occasion worked with Julian, the MS[1]
> author, to resolve issues.
>
> On top of all that, MailScanner is an extremely flexible tool
> for implementing an organization's email policy. The mailing list is
> very active with a great many helpful people, a number of whom do little
> else beside manage very large email systems (i.e. many millions of
> messages per day handled by sizeable server farms dedicated to the
> task). There are also numerous admins on the list using MailScanner as a
> frontend scanner that passes mail off to whatever corporate beast
> handles the delivery and users' pop/imap access (i.e. exchange,
> lotusnotes, whatever). Julian is active on the list as well.
> Often he
> responds to bug reports or feature requests with new code within several
> days, and occasionally within hours.
>
> If NoVaLUG is interested in a presentation on MailScanner, I bet Steve
> Swaney would be willing to go out to Chantilly. Steve runs Fortress
> Systems, a DC company that sells support for MailScanner and employs
> Julian as CTO:
>
> http://www.fsl.com/
>
> Steve presented MailScanner at DCLUG last summer. We made the switch
> here at RFA soon after that. Contact info is here:
>
> http://www.fsl.com/company/contact.html
>
> If you would like to know anything else about MailScanner, I'm more than
> willing to answer any questions here on the list. You could also check
> the mailscanner list archives. I set out to say more, but have forgotten
> some more points I meant to make. In short, I can't say enough good
> things about this project.
>
> -Eric Rz.
>
> 1. I get particular pleasure out of reclaiming this particular 2-letter
> acronym. :-D

From mike at CAMAROSS.NET Fri Sep 3 18:32:45 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:47 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

Max Kipness wrote:
>> Can someone give me some pointers on how to troubleshoot what the
>> problem might be as mail is being held up for several domains right
>> now!
>>
>> You might start by looking in your maillog?
>> Shutdown MailScanner and
>> your mta, run tail on it and see what happens when you start it up.
>
> I deleted and rebuilt the aliases file. It still takes a while with
> newaliases.
>
> time newaliases
> /etc/aliases: 74 aliases, longest 77 bytes, 1280 bytes total
>
> real 0m45.089s
> user 0m0.047s
> sys 0m0.006s
>
> Ok if I shutdown MailScanner, then start back up I do get a message
> about /etc/aliases being rebuilt by root, and then I get this in the
> maillog:
>
> Sep 3 11:34:28 manhattan MailScanner[1815]: New Batch: Found 523
> messages waiting Sep 3 11:34:28 manhattan MailScanner[1815]: New
> Batch: Scanning 30 messages, 306400 bytes
>
> This message never comes up again, like it's not trying
> again...strange.
>
> Nothing else unusual that I see in the logs.
>
> I'm looking at the MAQ now.
>
> Any other suggestions?
>

74 aliases is NOTHING. That should hash to db in the blink of an eye. What's the load on your system? What are the system specs?

Mike

From dmecham at JAZZERCISE.COM Fri Sep 3 18:35:09 2004
From: dmecham at JAZZERCISE.COM (JazzDarwin)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner fails to forward to postfix incoming
Message-ID:

Hi all,

BIG Thanks to Julian for his great help.

I have followed the setups as outlined at
http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml

I have this crazy thing running but now as I monitor the /var/log/maillog I see MailScanner pick up messages from /var/spool/postfix/hold and it seems to process them - but it never passes them on to the postfix/incoming...
It goes thru the cycle over and over all the time accumulating more messages in the queue and re-scanning the same messages over and over but never passing them to postfix/incoming.

I have obviously missed something -

Best Regards,
Darwin

From lindsay at pa.net Fri Sep 3 18:35:41 2004
From: lindsay at pa.net (Lindsay Snider)
Date: Thu Jan 12 21:26:47 2006
Subject: PostFix Transport (2 destination or more for a domain)
Message-ID:

On Friday 03 September 2004 01:11 pm, Mailing List wrote:
> When using PostFix (With MailScanner) is it possible in the
> TransportFile to tell that for mycompany.com there are 2 SMTP servers that
> could be contacted?

I'd suggest this is more of a question for the postfix list at postfix-users@postfix.org.

>
> We must redirect eMails to an ISP who has several mx, but sometimes some
> of those mx (mail servers) won't answer because they use some kind of Load
> Balancing solution.

postfix will try more than one mx server. If the ISP has an mx record for each of its servers which is to receive email, the mail should get delivered w/o delay even if one or more of the servers are down.

One note w/ postfix's virtual transports:

the following sends to the ip resolved w/i '[ ]':
domain.tld smtp:[mailserver.domain.tld]

the following sends to the mx records of domain.tld:
domain.tld smtp:domain.tld

Notice that putting a domain.tld in braces signifies to postfix not to use the mx records.
>
> Then some mail could be delayed if spooled at our hand, and if PostFix
> allows something like
>
> Domain.com ip address (or mail.isp.com) ; second ipaddress (or
> mail2.isp.com)
>
> Thanks
>
> The Goal is that we don't want eMail to be spooled here if the mail
> server we're relaying eMails to is in maintenance...

From mynamewasgone at gmail.com Fri Sep 3 18:40:15 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner not scanning...
Message-ID:

On Fri, 3 Sep 2004 14:12:43 -0230, Mike Pelley wrote:
>
> Anyone have any ideas what is happening?
>

What happens in the maillog when mail does go through? Are you sure that the Postfix instance that's listening on port 25 is the one that is started by MailScanner, not the Postfix that's installed from the RPM?

From mike at PELLEYS.COM Fri Sep 3 19:02:16 2004
From: mike at PELLEYS.COM (No Name)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner not scanning...
Message-ID:

> On Fri, 3 Sep 2004 14:12:43 -0230, Mike Pelley wrote:
>>
>> Anyone have any ideas what is happening?
>>
> What happens in the maillog when mail does go through? Are you sure
> that the Postfix instance that's listening on port 25 is the one that
> is started by MailScanner, not the Postfix that's installed from the
> RPM?

Here's the part of /var/log/maillog where I've restarted MailScanner:

Sep 3 15:25:28 zeus MailScanner[9744]: MailScanner child caught a SIGHUP
Sep 3 15:25:28 zeus postfix/postfix-script: stopping the Postfix mail system
Sep 3 15:25:28 zeus postfix/master[9718]: terminating on signal 15
Sep 3 15:25:39 zeus postfix/postfix-script: starting the Postfix mail system
Sep 3 15:25:39 zeus postfix/master[10184]: daemon started -- version 2.0.18
Sep 3 15:25:42 zeus MailScanner[10204]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep 3 15:25:42 zeus MailScanner[10204]: Using locktype = flock

And here are the lines where I sent a message to Hotmail:

Sep 3 15:28:21 zeus postfix/smtpd[10213]: connect from helios.pelleys.com[192.168.0.8]
Sep 3 15:28:21 zeus postfix/smtpd[10213]: B5350700EB: client=helios.pelleys.com[192.168.0.8]
Sep 3 15:28:21 zeus postfix/cleanup[10215]: B5350700EB: message-id=<4138B094.1090108@pelleys.com>
Sep 3 15:28:21 zeus postfix/nqmgr[10190]: B5350700EB: from=, size=901, nrcpt=1 (queue active)
Sep 3 15:28:21 zeus postfix/smtpd[10213]: disconnect from helios.pelleys.com[192.168.0.8]
Sep 3 15:28:53 zeus postfix/smtp[10217]: connect to mx1.hotmail.com[64.4.50.50]: Connection timed out (port 25)
Sep 3 15:28:54 zeus postfix/smtp[10217]: B5350700EB: to=, relay=mx4.hotmail.com[65.54.253.230], delay=33, status=sent (250 <4138B094.1090108@pelleys.com> Queued mail for delivery)

It doesn't look like the messages are going through MailScanner at all.
I've shutdown postfix via chkconfig and when I run "service MailScanner start" MailScanner starts the inbound and outbound postfix sessions and then itself, e.g.:

Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: [ OK ]

Maybe something is missing in Postfix's master.cf or main.cf?

Mike

From rzewnickie at RFA.ORG Fri Sep 3 19:07:24 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: mailscanner configuration oversight
Message-ID:

On Fri, Sep 03, 2004 at 11:48:13AM -0600, darwin wrote:
> I found your explanation excellent - I hope
> you don't mind me contacting you off list.
>
> I have followed the setups as outlined at
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
>
> I have this crazy thing running now (Thanks to Julian)
> but as I monitor the /var/log/maillog I see MailScanner
> pick up messages from /var/spool/postfix/hold
> and it seems to process them - but it never passes
> them on to the postfix/incoming...
>
> It goes thru the cycle over and over all the time
> accumulating more messages in the queue and re-scanning
> the same messages over and over but never passing them
> to postfix/incoming.
>
> I have obviously missed something -

I don't necessarily mind the offlist message, but you'll have access to far more minds if you keep stuff on list. :) I recommend you keep a list, preferably the mailscanner list, in the cc. That way, if I'm not available you will most likely get a much quicker response. And anyway, my employer pays me to run its servers, not yours. ;) (tongue-in-cheek, just joking, wink-wink, nudge-nudge, don't get offended, etc, etc.
:) )

btw, I sent my message to three lists ... which one did you get it from?

My first guess would be the permissions on your postfix directories. Make sure they are owned by and accessible to postfix and that MailScanner is configured to run as postfix.

Since you mention the hold queue, you must be using postfix 2.x and a single instance of postfix. I haven't yet done a set up like that. postfix in debian woody (stable release) is an older version that did not have the hold queue and we don't run testing on production boxes. I do have a debian testing box at home and intend to set up a single postfix mailscanner installation there, but it is a work in progress.

One thing to try is turning on debugging for MailScanner. This is an option in your MailScanner.conf file. Once set the next invocation of mailscanner will not spawn any children and will run for only one batch while it spits out a ton of debug info to the console. Your problem should be fairly evident from that.

-Eric Rz.

From mike at PELLEYS.COM Fri Sep 3 19:17:11 2004
From: mike at PELLEYS.COM (No Name)
Date: Thu Jan 12 21:26:47 2006
Subject: [SOLVED] Re: MailScanner not scanning...
Message-ID:

>> On Fri, 3 Sep 2004 14:12:43 -0230, Mike Pelley wrote:
>>>
>>> Anyone have any ideas what is happening?
>>>
>> What happens in the maillog when mail does go through? Are you sure
>> that the Postfix instance that's listening on port 25 is the one that
>> is started by MailScanner, not the Postfix that's installed from the
>> RPM?
>
> Here's the part of /var/log/maillog where I've restarted MailScanner:
>
> Sep 3 15:25:28 zeus MailScanner[9744]: MailScanner child caught a SIGHUP
> Sep 3 15:25:28 zeus postfix/postfix-script: stopping the Postfix mail system
> Sep 3 15:25:28 zeus postfix/master[9718]: terminating on signal 15
> Sep 3 15:25:39 zeus postfix/postfix-script: starting the Postfix mail system
> Sep 3 15:25:39 zeus postfix/master[10184]: daemon started -- version 2.0.18
> Sep 3 15:25:42 zeus MailScanner[10204]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
> Sep 3 15:25:42 zeus MailScanner[10204]: Using locktype = flock
>
> And here are the lines where I sent a message to Hotmail:
>
> Sep 3 15:28:21 zeus postfix/smtpd[10213]: connect from helios.pelleys.com[192.168.0.8]
> Sep 3 15:28:21 zeus postfix/smtpd[10213]: B5350700EB: client=helios.pelleys.com[192.168.0.8]
> Sep 3 15:28:21 zeus postfix/cleanup[10215]: B5350700EB: message-id=<4138B094.1090108@pelleys.com>
> Sep 3 15:28:21 zeus postfix/nqmgr[10190]: B5350700EB: from=, size=901, nrcpt=1 (queue active)
> Sep 3 15:28:21 zeus postfix/smtpd[10213]: disconnect from helios.pelleys.com[192.168.0.8]
> Sep 3 15:28:53 zeus postfix/smtp[10217]: connect to mx1.hotmail.com[64.4.50.50]: Connection timed out (port 25)
> Sep 3 15:28:54 zeus postfix/smtp[10217]: B5350700EB: to=, relay=mx4.hotmail.com[65.54.253.230], delay=33, status=sent (250 <4138B094.1090108@pelleys.com> Queued mail for delivery)
>
> It doesn't look like the messages are going through MailScanner at all.
> I've shutdown postfix via chkconfig and when I run "service MailScanner
> start" MailScanner starts the inbound and outbound postfix sessions and
> then itself, e.g.:
> Starting MailScanner daemons:
> incoming postfix: [ OK ]
> outgoing postfix: [ OK ]
> MailScanner: [ OK ]
>
> Maybe something is missing in Postfix's master.cf or main.cf?
>
> Mike

Found the problem!!! Stupidity on my part.
The line header_checks = regexp:/etc/postfix/header_checks was commented out in main.cf! Arrrgggg!

Thanks to all who replied and made suggestions!

Cheers,
Mike

From rzewnickie at RFA.ORG Fri Sep 3 19:30:22 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: mailscanner configuration oversight
Message-ID:

On Fri, Sep 03, 2004 at 12:19:48PM -0600, darwin wrote:
> Thanks Eric,
>
> Tell your employer I will be faxing a large stack of
> $50 dollar bills.... ;-D
> You're worth twice what they pay you!!
>
> The list I saw the post was MAILSCANNER@JISCMAIL.AC.UK
>
> Those are all good suggestions - my first thought was
> permissions too.
>
> Here is the MailScanner -v output...
>
> Running on
> Linux xmail 2.4.22-1.2188.nptl #1 Wed Apr 21 20:36:05 EDT 2004 i686 i686 i386 GNU/Linux
> This is Fedora Core release 1 (Yarrow)
> This is Perl version 5.008003 (5.8.3)

That all looks fine ... but what about the debug output?

-Eric Rz.

PS It really would be in your own best interest to keep this on the list.
From rzewnickie at RFA.ORG Fri Sep 3 19:30:39 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: [dmecham@nitrodata.com: Re: mailscanner configuration oversight]
Message-ID:

----- Forwarded message from darwin -----

Date: Fri, 03 Sep 2004 12:19:48 -0600
From: darwin
Subject: Re: mailscanner configuration oversight
To: Eric Dantan Rzewnicki

Thanks Eric,

Tell your employer I will be faxing a large stack of $50 dollar bills.... ;-D
You're worth twice what they pay you!!

The list I saw the post was MAILSCANNER@JISCMAIL.AC.UK

Those are all good suggestions - my first thought was permissions too.

Here is the MailScanner -v output...

Running on
Linux xmail 2.4.22-1.2188.nptl #1 Wed Apr 21 20:36:05 EDT 2004 i686 i686 i386 GNU/Linux
This is Fedora Core release 1 (Yarrow)
This is Perl version 5.008003 (5.8.3)

This is MailScanner version 4.33.3
Postfix version 2.0.16
Module versions are:
1.00 AnyDBM_File
1.13 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.72 File::Basename
2.07 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
1.23 HTML::Entities
3.26 HTML::Parser
2.24 HTML::TokeParser
1.21 IO
1.10 IO::File
1.122 IO::Pipe
2.21 MIME::Base64
5.403 MIME::Decoder
5.403 MIME::Decoder::UU
5.403 MIME::Head
5.406 MIME::Parser
5.411 MIME::Tools
0.09 Net::CIDR
1.07 POSIX
1.76 Socket
0.04 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
2.63 Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV
0.31 Net::DNS

Thanks and Best Regards,
Darwin

Eric Dantan Rzewnicki wrote:

>On Fri, Sep 03, 2004 at 11:48:13AM -0600, darwin wrote:
>
>
>And anyway,
>my employer pays me to run its servers, not yours. ;) (tongue-in-cheek,
>just joking, wink-wink, nudge-nudge, don't get offended, etc, etc. :) )
>btw, I sent my message to three lists ... which one did you get it from?
>
>My first guess would be the permissions on your postfix directories.
>Make sure they are owned by and accessible to postfix and that
>MailScanner is configured to run as postfix.
>
>Since you mention the hold queue, you must be using postfix 2.x and a
>single instance of postfix. I haven't yet done a set up like that.
>postfix in debian woody (stable release) is an older version that did
>not have the hold queue and we don't run testing on production boxes. I
>do have a debian testing box at home and intend to set up a single
>postfix mailscanner installation there, but it is a work in progress.
>
>One thing to try is turning on debugging for MailScanner. This is an
>option in your MailScanner.conf file. Once set the next invocation of
>mailscanner will not spawn any children and will run for only one batch
>while it spits out a ton of debug info to the console. Your problem
>should be fairly evident from that.
>
>-Eric Rz.
>

----- End forwarded message -----

From p.vogt at FIRESTARTER.CH Fri Sep 3 19:43:57 2004
From: p.vogt at FIRESTARTER.CH (Patrick Vogt)
Date: Thu Jan 12 21:26:47 2006
Subject: Mailscanner restarting all the time...
Message-ID:

On Thu, 2 Sep 2004 08:40:37 +0100, Julian Field wrote:
>>4.33.1 was a beta version, with a bug that caused this.

Now I'm on 4.33.3 and I'm happy with it... thanks a lot!

Patrick
From rzewnickie at RFA.ORG Fri Sep 3 19:52:18 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: [novalug] Spamassasin on a mail gateway
Message-ID:

On Fri, Sep 03, 2004 at 02:28:20PM -0400, Arshavir Grigorian wrote:
> Eric Dantan Rzewnicki wrote:
> >On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> >>Chris Gordon wrote:
> AMaViS also caches Mail::SpamAssassin Perl module, as well as uses the

That's good to know. When we were using it I don't think it did that.

> daemonized ClamAV (clamd) and, hence I think the overhead of scanning
> the mail sequentially is minimal.

on this I think we will have to agree to differ.

> On another note, and this may just be me, I do not feel comfortable the
> the mail scanner directly accessing the MTA queues. AMaViS plays nicely
> with Postfix because Postfix, owing to its modular design, allows for as
> many SMTP processes as necessary. The way I have it set up is that I
> have 2 SMTP processes, one of which delivers the incoming mail to a
> port that AMaViS is listening on (10024), and another one listening on
> port 10025 for scanned/cleaned mail from AMaViS.

The discussion of whether amavis or mailscanner is better will probably remain an issue of personal preference. I think both are good projects, MailScanner is a better fit for me.

One argument offered on the MailScanner side is that MailScanner doesn't need to worry about properly implementing SMTP and therefore frees itself from all related security worries. MailScanner only needs to be concerned internally with security from a file system perspective (aside from the functional goals of filtering mail to eliminate viruses and other threats). Amavis folks will likely turn the same argument around and show that it proves amavis is better. Right now I feel MailScanner is better, you think Amavis is better, and that is perfectly OK.
> Moreover, just like Apache, AMaViS allows for a configurable number of
> child processes to be forked off at start time which makes it very scalable.

The number of MailScanner children forked is also configurable. It is in use on people's home systems with a single user running on old throw away hardware on the one end and huge clustered server farms handling millions of accounts on the other. Amavis can most likely make similar claims.

> I don't know much about MailScanner, but it seems like AMaViS' approach
> to interacting with the MTA is cleaner.

More elegant, perhaps, from a design perspective which certainly has its merits. But in practical coding terms, MailScanner is basically just an elaborate and flexible text parser.

-Eric Rz.

From dmecham at JAZZERCISE.COM Fri Sep 3 19:54:44 2004
From: dmecham at JAZZERCISE.COM (JazzDarwin)
Date: Thu Jan 12 21:26:47 2006
Subject: [ALSO SOLVED] Mail Configuration Oversight
Message-ID:

%org-name% MUST NOT contain any spaces

Mail Scanner process will not process mail properly and loop thru the postfix/hold over and over and over... ad infinitum!

Darwin
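Both fixes reported in this thread (the commented-out header_checks line in main.cf, and a %org-name% value containing spaces) can be caught by a static check of the config files before MailScanner is started. The following is an added example, not code from MailScanner, Postfix or any poster; the sample configs are constructed, and the /^Received:/ HOLD rule is assumed from the usual MailScanner-with-Postfix hold-queue setup rather than quoted from the thread.

```python
import re

# Constructed sample files (not copied from any server in the thread).
MAIN_CF_BROKEN = """\
myhostname = zeus.example.com
mynetworks = 127.0.0.0/8
    192.168.0.0/24
#header_checks = regexp:/etc/postfix/header_checks
"""
MAIN_CF_FIXED = MAIN_CF_BROKEN.replace("#header_checks", "header_checks")
HEADER_CHECKS = "# send every message to the hold queue\n/^Received:/ HOLD\n"
MS_CONF_BROKEN = "# constructed MailScanner.conf fragment\n%org-name% = Example Org\n"
MS_CONF_FIXED = "%org-name% = ExampleOrg\n"

# Assumed shape of a hold rule in a Postfix regexp table: /pattern/flags HOLD
HOLD_RULE = re.compile(r"^/.+/[A-Za-z]*\s+HOLD\b")


def parse_main_cf(text):
    """Return the active name=value settings from Postfix main.cf text.

    Lines whose first non-blank character is '#' are comments, and a line
    that starts with whitespace continues the previous logical line.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()  # a later definition overrides an earlier one
    return params


def check_header_checks(main_cf_text, header_checks_text=None):
    """Flag a main.cf that never sends mail to the hold queue."""
    value = parse_main_cf(main_cf_text).get("header_checks", "")
    if not value:
        return ["main.cf: header_checks is unset or commented out, so mail "
                "is delivered without being held for MailScanner"]
    if header_checks_text is None:
        return []
    rules = [line for line in header_checks_text.splitlines()
             if line.strip() and not line.lstrip().startswith("#")]
    if not any(HOLD_RULE.match(rule) for rule in rules):
        return ["header_checks table has no HOLD rule, so nothing reaches "
                "the hold queue"]
    return []


def check_org_name(ms_conf_text):
    """Flag a %org-name% value that is empty or contains whitespace."""
    for raw in ms_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() != "%org-name%":
            continue
        if not value or re.search(r"\s", value):
            return [f"MailScanner.conf: %org-name% = {value!r} must be a "
                    "single word without spaces"]
        return []
    return ["MailScanner.conf: %org-name% is not set"]


def lint(main_cf_text, header_checks_text, ms_conf_text):
    """Run both checks and return every finding as a list of strings."""
    return (check_header_checks(main_cf_text, header_checks_text)
            + check_org_name(ms_conf_text))


if __name__ == "__main__":
    for finding in lint(MAIN_CF_BROKEN, HEADER_CHECKS, MS_CONF_BROKEN):
        print("FINDING:", finding)
```

On a real host, feed it the contents of main.cf, the header_checks table and MailScanner.conf; an empty result from lint() means neither of the two mistakes from this thread is present.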
From mbullock at TROIKANETWORKS.COM Fri Sep 3 20:06:00 2004
From: mbullock at TROIKANETWORKS.COM (Matt Bullock)
Date: Thu Jan 12 21:26:47 2006
Subject: Whitelist problem
Message-ID:

From the logs it almost looks like the from address is 127.0.0.1 and the server is checking its hosts file first for the lookup and finding its own name.

Aug 30 13:01:24 slammer2 MailScanner[14013]: Message i7UK1NfY014676 from 127.0.0.1 (root@mailserver.company1.com) is whitelisted
Aug 30 13:01:24 slammer2 MailScanner[13517]: Virus and Content Scanning: Starting
Aug 30 13:01:25 slammer2 MailScanner[14013]: Virus and Content Scanning: Starting
Aug 30 13:01:27 slammer2 MailScanner[13517]: Uninfected: Delivered 1 messages
Aug 30 13:01:28 slammer2 sendmail[14695]: i7UK1KTv014668: to=, delay=00:00:08, xdelay=00:00:00, mailer=smtp, pri=230996, relay=[10.1.1.10] [10.1.1.10], dsn=2.0.0, stat=Sent ( Queued mail for delivery)

Mb

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva
Sent: Thursday, September 02, 2004 10:17 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Whitelist problem

Michele Neylon :: Blacknight Solutions wrote:
> MailScanner mailing list wrote:
>
>>Hey all,
>>
>>Sorry if this has been covered before, but I have a question
>>regarding whitelisting. Email generated by the server (virus
>>alerts etc) are sent to my email address, but some of them
>>get marked as spam. I want to be able to whitelist
>>everything coming from the server, but if an email is sent
>>with a spoofed address of 127.0.0.1 it will automatically be
>>whitelisted. Is there a way around this?
>
>
> We whitelist the server hostname for mail sent from root@ and postmaster@
> instead of the IP which works quite well
>

Aren't named addresses easily spoofed? I seem to remember a virus trying to send false rejection messages that said they were from postmaster@ourdomain.com.
Of course the ip was *not* 127.0.0.1

From Steve.Swaney at fsl.com Fri Sep 3 20:11:47 2004
From: Steve.Swaney at fsl.com (Steve Swaney)
Date: Thu Jan 12 21:26:47 2006
Subject: [novalug] Spamassasin on a mail gateway
Message-ID:

Eric,

Thanks for the kind words. We're always happy to help out existing or prospective MailScanner users. It was also a useful and cogent analysis of the advantages of using MailScanner.

We're about to release the (hopefully) last beta or rc1 of SMGateway. Please let me know if you're interested in having a look.

Thanks again,

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Eric Dantan Rzewnicki
> Sent: Friday, September 03, 2004 1:29 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [novalug] Spamassasin on a mail gateway
>
> I cc'ed the mailscanner list on this because I wanted Julian to see the
> praise and Steve to see the opportunity to present. NovaLUG has been
> looking for meeting topics recently.
>
> I also wanted the list to check my facts for me and point out any errors
> or omissions. Thanks all, and Julian in particular. :)
>
> -Eric Rz.
>
> On Fri, Sep 03, 2004 at 01:21:13PM -0400, Eric Dantan Rzewnicki wrote:
> > On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> > > Chris Gordon wrote:
> > > >In my normal uses of SpamAssasin, I call it via procmail to filter the
> > > >mail. This works great when the MTA running SA is the one doing local
> > > >delivery. The problem I have is I want to be able to filter with SA on
> > > >a server running as a mail gateway.
> > > >The scenario is that I am building a server to sit receive mail from the
> > > >public internet (the host where the various MX records point). This
> > > >server will then forward all mail on to another server that end users
> > > >will use to read their mail -- no local delivery.
> > > >The question is, how can I have the gateway server run the mail through
> > > >SA before forwarding it on?
> > > >I'm planning to use sendmail on the gateway server. The "internal" box
> > > >is running that other OS with some proprietary webmail system. I have
> > > >plans to replace it, too, but that is down the road yet.
> > > >Thanks,
> > > >Chris
> > > What you probably need is AMaViS (A Mail Virus Scanner) which is a mail
> > > scanner that uses other third-party software to scan your mail for spam
> > > and/or viruses. I have AMaViS (amavisd-new) setup on Postfix to use
> > > SpamAssassin and Vipul's Razor for detecting spam and ClamAV - for
> > > antivirus. All my daemons run in chroot jails.
> > >
> > > The following links should be useful.
> > >
> > > http://www.ijs.si/software/amavisd/ - amavisd-new (the new high
> > > performance daemon)
> > > http://www.oddquad.org/linux/anti-spam.html
> > > http://www.amavis.org/howto/
> > >
> > > If you decide to also run ClamAV in chroot, this howto I wrote might
> > > also be useful.
> > >
> > > https://www.grigorians.org/phpwiki/index.php/ClamAV%20chroot%20setup%20HOWTO
> > >
> > > Let me know if you run into any snags (most of my experience is with
> > > Postfix though).
> > >
> > > Good luck!
> >
> > Amavisd is a good solution to your problem. We used it here with
> > mcaffee's uvscan for a year before we switched to MailScanner:
> >
> > http://mailscanner.info
> >
> > We've been using mailscanner for over a year now and have been
> > extremely pleased with it.
> >
> > The main difference is that amavisd runs as a daemon and talks to your
> > MTA (sendmail, postfix, qmail, exim, etc) via an SMTP conversation so it
> > can only process messages one at a time. In contrast MailScanner is
> > typically installed to run inbetween 2 instances of the MTA. For
> > instance, in our setup we have one postfix instance called postfix.in
> > that is configured to accept incoming mail and simply place it in the
> > deferred queue. MailScanner picks up the mail from there in batches.
> > When it is finished doing its jobs it moves the mail to the incoming
> > queue of a second postfix instance which then handles the job of either
> > passing off to the local delivery agent or sending it on to some other
> > mail host on the internet.
> >
> > The batch processing is key. Since it is processing in batches it calls
> > your viruscanners and SpamAssassin only once for each batch. So, each
> > invocation of these external programs handles numerous messages, where
> > in an amavisd set up each message requires a new instance of
> > spamassassin and a new instance of viruscanner-foo. (of course amavis
> > can work with daemonized versions of these, but that, too has overhead)
> > In my experience and that of those loyal to MailScanner this approach
> > has significant performance benefits.
> >
> > Additional performance is gained because rather than using spamassassin
> > as an external spamd and spamc pair as in a typical procmail called
> > spamassassin config, MailScanner uses spamassassin as a perl library. All
> > the spamassassin code runs within the MailScanner process. This
> > approach is also used for several virusscanners, notably sophos and
> > the opensource clamav.
> >
> > Since MailScanner is picking up email through the file system, if it
> > finds that it doesn't need to do anything to a particular message it
> > doesn't even need to make a copy of it! It simply makes a hard link in
> > the incoming queue of the outgoing MTA and removes the original link.
> > Wietse Venema, the author of postfix, takes exception to this approach
> > and therefore does not support mailscanner's use with postfix.
> > Nonetheless, MailScanner and Postfix work very well together. People in
> > the other MTA projects, sendmail, exim, etc, have no problem with
> > MailScanner, afaik, and have on occasion worked with Julian, the MS[1]
> > author, to resolve issues.
> >
> > On top of all that, MailScanner is an extremely flexible tool
> > for implementing an organization's email policy. The mailing list is
> > very active with a great many helpful people, a number of whom do little
> > else beside manage very large email systems (i.e. many millions of
> > messages per day handled by sizeable server farms dedicated to the
> > task). There are also numerous admins on the list using MailScanner as a
> > frontend scanner that passes mail off to whatever corporate beast
> > handles the delivery and users' pop/imap access (i.e. exchange,
> > lotusnotes, whatever). Julian is active on the list as well. Often he
> > responds to bug reports or feature requests with new code within several
> > days, and occasionally within hours.
> >
> > If NoVaLUG is interested in a presentation on MailScanner, I bet Steve
> > Swaney would be willing to go out to Chantilly.
> > Steve runs Fortress
> > Systems, a DC company that sells support for MailScanner and employs
> > Julian as CTO:
> >
> > http://www.fsl.com/
> >
> > Steve presented MailScanner at DCLUG last summer. We made the switch
> > here at RFA soon after that. Contact info is here:
> >
> > http://www.fsl.com/company/contact.html
> >
> > If you would like to know anything else about MailScanner, I'm more than
> > willing to answer any questions here on the list. You could also check
> > the mailscanner list archives. I set out to say more, but have forgotten
> > some more points I meant to make. In short, I can't say enough good
> > things about this project.
> >
> > -Eric Rz.
> >
> > 1. I get particular pleasure out of reclaiming this particular 2-letter
> > acronymn. :-D

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

From mynamewasgone at gmail.com Fri Sep 3 20:44:57 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:47 2006
Subject: [ALSO SOLVED] Mail Configuration Oversight
Message-ID:

On Fri, 3 Sep 2004 12:54:44 -0600, JazzDarwin wrote:
> %org-name% MUST NOT contain any spaces

As explained by the MailScanner.conf file?

# Enter a short identifying name for your organisation below, this is
# used to make the X-MailScanner headers unique for your organisation.
# Multiple servers within one site should use an identical value here
# to avoid adding multiple redundant headers where mail has passed
# through several servers within your organisation.
# RULE: It must not contain any spaces!
# Note: Some Symantec scanners complain (incorrectly) about "."
# ***** characters appearing in the names of headers.

The comments above each setting aren't just there to make the file look more impressive.
From sleepy at radiotel.ro Fri Sep 3 20:53:08 2004
From: sleepy at radiotel.ro (Botescu-Fianu Adrian)
Date: Thu Jan 12 21:26:47 2006
Subject: Problem with Mailscanner+Postfix+xls+dbf+Outlook atachements
Message-ID:

I have postfix, postfix.in and mailscanner with bitdefender on my mail
server and I really like this combination.

I found that some attachments, especially EXCEL and Foxpro files that
were sent with Outlook, are corrupt when the recipient tries to open them
after successfully downloading them. This problem appears only if the
sender uses Outlook. I tried to use my webmail or yahoo and all was OK.

I thought that it was a problem with the TNEF expander, so I downloaded
the latest version of MailScanner and compiled it with the latest version
of TNEF. The situation was the same. I tried Expand TNEF= no in
mailscanner.conf but the attachments were corrupted also. I tried
Tnefexpander = internal but the same problem. So there is no problem with
TNEF? If I say Virus Scanning = no the attachments sent with Outlook are
ok when I open them in Windows.

I really like MailScanner and I do not want to use something different
like amavis now, but by tomorrow I have to figure out a solution. So by
any chance does someone have a solution for my problem?

Dr.Botescu-Fianu Adrian

---
This message has been scanned by MailScanner for viruses and dangerous
content and is considered clean.
This is a service offered free of charge by Radiotel SA.

From yoloits at ycoe.org Fri Sep 3 21:12:21 2004
From: yoloits at ycoe.org (Jay Ehrhart)
Date: Thu Jan 12 21:26:47 2006
Subject: Limit quarantine size
Message-ID:

How do I set the quarantine in MailScanner to flush folders older than 30
days?

Thanks
Jay

From ssilva at SGVWATER.COM Fri Sep 3 21:19:35 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:47 2006
Subject: Limit quarantine size
Message-ID:

Jay Ehrhart wrote:

> How do I set the quarantine in MailScanner to flush folders older than 30
> days?
>
> Thanks
> Jay

Look in your /etc/cron.daily and edit the file clean.quarantine
file is well commented.

From peter at UCGBOOK.COM Fri Sep 3 21:23:50 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:47 2006
Subject: Limit quarantine size
Message-ID:

Jay Ehrhart wrote:
> How do I set the quarantine in MailScanner to flush folders older than 30
> days?

Use the included clean.quarantine script. You have to enable it though.

Change:

$disabled = 1;

to:

$disabled = 0;

--
/Peter Bonivart

--Unix lovers do it in the Sun

From rzewnickie at RFA.ORG Fri Sep 3 21:24:52 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: Limit quarantine size
Message-ID:

On Fri, Sep 03, 2004 at 01:12:21PM -0700, Jay Ehrhart wrote:
> How do I set the quarantine in MailScanner to flush folders older than 30
> days?

You can write a simple shell script:

#!/bin/bash
# Quarantine directories are named by date (YYYYMMDD)
quarantine_dir=/var/spool/MailScanner/quarantine
# Name of the directory created 30 days ago (GNU date); stop if date fails
# so that rm is never run against the quarantine directory itself
quar_del_date=$(date -d "30 days ago" +%Y%m%d) || exit 1
rm -fr "$quarantine_dir/$quar_del_date"

and run it via cron daily. With a little more work you can probably get
it to check for anything older than 30 days as well, just in case your
crond doesn't happen to be running one day for some reason or other.

-ERic Rz.

From max at KIPNESS.COM Fri Sep 3 21:37:01 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:47 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

>I'm not sure what caused it. The only thing I think of is that
>I hit ctrl-c when I got tired of waiting for a long rebuilding
>of the alias file with newaliases command. Now everytime I
>rebuild it takes at least 1 minute. I never noticed this before.
>
>I have over 340 messages in mqueue.in so I guess this means
>that MailScanner is not processing? I see no errors in the maillog.
>
>Can someone give me some pointers on how to troubleshoot what
>the problem might be as mail is being held up for several
>domains right now!

>Your alias file is that big? I think I'd try stopping
>MailScanner, deleting your aliases.db and rebuild it and then
>start MailScanner. I'd be interested to see some log
>entries...particularly those that show up immediately upon
>starting MailScanner. Do you see any lines that mention your
>aliases file?

I've rebuilt the alias file, looked through the MAQ and all I can find is
info on debug mode, which doesn't seem to work. I set 'debug=yes' in
mailscanner.conf and then restarted the service from the console and see
nothing. I see nothing extra in the maillog either. How should this work?

At this point I still have everything stuck in mqueue.in. In the logs,
MailScanner keeps reporting that there are so many messages in the queue,
and that it is scanning 90. It keeps saying that it's scanning 90, but
obviously it's not.

If anybody could think of any other resolution or method to troubleshoot
this, I would appreciate it.

Thanks,
Max

From yoloits at ycoe.org Fri Sep 3 22:08:26 2004
From: yoloits at ycoe.org (Jay Ehrhart)
Date: Thu Jan 12 21:26:47 2006
Subject: Limit quarantine size
Message-ID:

Thank you all.

Jay

----- Original Message -----
From: "Scott Silva"
To:
Sent: Friday, September 03, 2004 1:19 PM
Subject: Re: Limit quarantine size

> Jay Ehrhart wrote:
>
> > How do I set the quarantine in MailScanner to flush folders older than 30
> > days?
> >
> > Thanks
> > Jay
>
> Look in your /etc/cron.daily and edit the file clean.quarantine
> file is well commented.
>

From drew at THEMARSHALLS.CO.UK Fri Sep 3 22:20:30 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner fails to forward to postfix incoming
Message-ID:

JazzDarwin wrote:

> Hi all,
>
> BIG Thanks to Julian for his great help.
>
> I have followed the setups as outlined at
> http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
>
> I have this crazy thing running but now as I
> monitor the /var/log/maillog I see MailScanner
> pick up messages from /var/spool/postfix/hold
> and it seems to process them - but it never passes
> them on to the postfix/incoming...
>
> It goes thru the cycle over and over all the time
> accumulating more messages in the que and re-scanning
> the same messages over and over but never passing them
> to postfix/incoming.
>
> I have obviously missed something -
>

What is your Outgoing Queue Dir set to?

Regards

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.

www.themarshalls.co.uk/policy
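For the "Limit quarantine size" thread above: an added example, not code from any poster or from MailScanner's clean.quarantine, that purges every dated quarantine directory older than a cutoff rather than only the one from exactly 30 days ago. It assumes one directory per day named YYYYMMDD directly under the quarantine directory (as the date format in the posted script implies); the function names and the `--purge` switch are made up for this example.

```shell
#!/bin/sh
# Added example. Assumption: the quarantine holds one directory per day,
# named YYYYMMDD, directly under the quarantine directory.

# purge_quarantine DIR CUTOFF
# Removes every YYYYMMDD directory directly under DIR whose name is earlier
# than CUTOFF (also YYYYMMDD) and prints the name of each directory removed.
purge_quarantine() {
    dir=$1
    cutoff=$2

    # Refuse arguments that would point "rm -rf" at the wrong tree.
    case "$dir" in
        ''|/|.|..) echo "purge_quarantine: refusing directory '$dir'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "purge_quarantine: $dir is not a directory" >&2; return 2; }
    # An empty or malformed cutoff (for example when date fails) stops the run.
    case "$cutoff" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "purge_quarantine: bad cutoff '$cutoff'" >&2; return 2 ;;
    esac

    for path in "$dir"/*; do
        name=${path##*/}
        # Only names that look like a date are candidates; everything else stays.
        case "$name" in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        # Real directories only: a dated symlink is never followed or removed.
        [ -d "$path" ] && [ ! -L "$path" ] || continue
        if [ "$name" -lt "$cutoff" ]; then
            rm -rf -- "$path" && printf '%s\n' "$name"
        fi
    done
    return 0
}

# cutoff_date DAYS: prints the date DAYS days ago as YYYYMMDD (GNU date).
cutoff_date() {
    date -d "$1 days ago" +%Y%m%d
}

# demo_purge: builds a constructed quarantine tree in a temporary directory,
# purges it with a fixed cutoff and lists what is left.
demo_purge() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/20040701" "$tmp/20040803" "$tmp/20040804" "$tmp/20040903" "$tmp/notes"
    ln -s "$tmp/20040903" "$tmp/20040101"   # dated symlink, must be left alone
    purge_quarantine "$tmp" 20040804
    ls "$tmp" | tr '\n' ' '
    rm -rf -- "$tmp"
}

# Cron usage: script --purge /var/spool/MailScanner/quarantine [days]
if [ "${1:-}" = "--purge" ]; then
    cutoff=$(cutoff_date "${3:-30}") || exit 1
    purge_quarantine "${2:?quarantine directory required}" "$cutoff"
fi
```

Because the comparison is against a cutoff rather than a single date, a day on which cron did not run is caught on the next run.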
From rzewnickie at RFA.ORG Fri Sep 3 22:53:43 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:47 2006
Subject: [novalug] Spamassasin on a mail gateway
Message-ID:

On Fri, Sep 03, 2004 at 05:44:31PM -0400, Arshavir Grigorian wrote:
> Eric Dantan Rzewnicki wrote:
> >On Fri, Sep 03, 2004 at 02:28:20PM -0400, Arshavir Grigorian wrote:
> >>Eric Dantan Rzewnicki wrote:
> >>>On Fri, Sep 03, 2004 at 10:15:09AM -0400, Arshavir Grigorian wrote:
> >>>>Chris Gordon wrote:
> >>AMaViS also caches Mail::SpamAssassin Perl module, as well as uses the
> >That's good to know. When we were using it I don't think it did that.
> The version of AMaViS I am using is called amavisd-new and is a complete
> re-write/redesign of an older version. So it's definitely very possible
> that it didn't cache Mail::SpamAssassin before.
> I don't think I was trying to prove that AMaViS is *better* than
> MailScanner. After all I know next to nothing about MailScanner.
> Therefore any such argument on my part would be foolish.
> All I am trying to do is make sure that everyone is on the same page on
> what AMaViS is and what it offers. That's all.

that's cool.

> >>Moreover, just like Apache, AMaViS allows for a configurable number of
> >>child processes to be forked off at start time which makes it very
> >>scalable.
> >The number of MailScanner children forked is also configurable. It is in
> >use on people's home system's with a single user running on old throw
> >away hardware on the one end and huge clustered server farms handling
> >millions of accounts on the other. Amavis can most likely make similar
> >claims.
> It surely can.
>
> http://www.linuxjournal.com/article.php?sid=7323
> http://www.linuxjournal.com/article.php?sid=7524 (followup to the first
> article)

So, there we go, the original poster has at least 2 excellent solutions
to choose from.

-Eric Rz.

From ugob at CAMO-ROUTE.COM Sat Sep 4 00:08:24 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:47 2006
Subject: Mail stuck in mqueue.in, help!
Message-ID:

Max Kipness wrote:
>>I'm not sure what caused it. The only thing I think of is that
>>I hit ctrl-c when I got tired of waiting for a long rebuilding
>>of the alias file with newaliases command. Now everytime I
>>rebuild it takes at least 1 minute. I never noticed this before.
>>
>>I have over 340 messages in mqueue.in so I guess this means
>>that MailScanner is not processing? I see no errors in the maillog.
>>
>>Can someone give me some pointers on how to troubleshoot what
>>the problem might be as mail is being held up for several
>>domains right now!
>
>
>>Your alias file is that big? I think I'd try stopping
>>MailScanner, deleting your aliases.db and rebuild it and then
>>start MailScanner. I'd be interested to see some log
>>entries...particularly those that show up immediately upon
>>starting MailScanner. Do you see any lines that mention your
>>aliases file?
>
>
> I've rebuilt the alias file, looked through the MAQ and all I can find is
> info on debug mode, which doesn't seem to work. I set 'debug=yes' in
> mailscanner.conf and then restarted the service from the console and see
> nothing. I see nothing extra in the maillog either. How should this work?

True, I don't have much on troubleshooting in the MAQ page... sorry.

Your system seems to be struggling... The debug should give you some
output while restarting mailscanner.

What kind of performance stats do you have? What top says? Cpu usage?
Load average? what is the output of "free"? what is the output of
"vmstat 2" (let it run for 5-10 lines, then ctrl-c).

Are you sure you don't have a disk that failed in one of your RAID arrays
or something?

>
> At this point I still have everything stuck in mqueue.in. In the logs,
> MailScanner keeps reporting that there are so many messages in the queue,
> and that it is scanning 90. It keeps saying that it's scanning 90, but
> obviously it's not.

So you've modified the default setting? If it says it is scanning 90
messages, this is usually a good sign.

>
> If anybody could think of any other resolution or method to troubleshoot
> this, I would appreciate it.
>
> Thanks,
> Max
>

From michael at dilworth.net Sat Sep 4 01:07:03 2004
From: michael at dilworth.net (Michael R. Dilworth (E-mail))
Date: Thu Jan 12 21:26:47 2006
Subject: Spam Quarantine report by user?
Message-ID:

I've googled around (maybe I just can't come up with
the right query!)

Has any one written (and would like to share) a script
to scan the "qf" files in the spam quarantine, emailing
the user with the qid, sender and subject?

I would like to run this daily (cron) to allow my users
to look for false positives, I've been doing it, and
would like to stop! (5000 a week).

Any thing close would be a help and I will share the
result.

Hoping to avoid re-inventing the wheel...
Thanks Michael.

From Steve.Swaney at FSL.COM Sat Sep 4 02:19:28 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:47 2006
Subject: Spam Quarantine report by user?
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Michael R. Dilworth (E-mail)
> Sent: Friday, September 03, 2004 8:07 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Spam Quarantine report by user?
>
> I've googled around (maybe I just can't come up with
> the right query!)
>
> Has any one written (and would like to share) a script
> to scan the "qf" files in the spam quarantine, emailing
> the user with the qid, sender and subject?
>
> I would like to run this daily (cron) to allow my users
> to look for false positives, I've been doing it, and
> would like to stop! (5000 a week).
>
> Any thing close would be a help and I will share the
> result.
>
> Hoping to avoid re-inventing the wheel...
> Thanks Michael.
>

We will be testing such a script for one of our customers early next
week. While they have paid us to develop this script, they are allowing
us to release the script as open source software.

The script will look at the quarantine directories and email daily to
each user that has email(s) in quarantine something like:

(For each email in quarantine)

Subject: Grow whatever
From: trusty@slezball.com
Click here to view message
Click here to release message

The program relies on Steve Freegard's (excellent) MailWatch program code
to "view" and "release" messages (why re-invent the wheel - but there are
some security issues with this approach :)

The intent of our customer is to:

1. Delete the real junk (SA score > 10)
2. Store the probable, but a few false positives (SA score >5 & <10)
3. Send this email out once a day.

Some Caveats:

Our customer's site used LDAP lookups to reject email for unknown users
on the mail hub. If you can't establish valid email addresses on the
gateway, you will have problems running our (or any other) program that
attempts to perform similar function since mail for invalid users on the
mail hub will be stored in quarantine on the gateway :(

Having stated this, it should be possible to establish (in near real
time) valid "relay for" addresses by continually looking at the
successful relays in the mail log files (Anyone want to try???).

Since our program can use a list of email addresses as the criteria to
send the "you have mail in quarantine" emails, it should be possible to
use our program even on relatively "dumb" gateways (once someone comes up
with the "Anyone want to try???" script solution).

Seriously we'll eventually write it but the solution will be available
sooner if someone else jumps on the problem. I'll be happy to discuss
some thoughts on how to actually do this off list.

I'll release the name of our customer as soon as I have their OK. This is
the way Open Source should work - a good idea - a solution - a user who
is willing to share their solution!

Comments, flames and other thoughts are always welcome.

Have a great weekend.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com
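The per-user quarantine report discussed in this thread, as an added example that is neither the Fortress Systems script nor MailWatch code: it lists queue id, sender and subject per recipient and only reports to addresses on a known-valid list, the caveat raised above. Assumptions: quarantined spam is kept as sendmail queue files named qf<queue-id>, and the qf lines used are `S<sender>`, `R<FLAGS>:<recipient>` and `H?<flags>?Subject: ...`; the function names, paths and sample data are constructed for this example.

```shell
#!/bin/sh
# Added example. Assumptions: quarantined messages are stored as sendmail
# queue files, the control file is named qf<queue-id>, and it contains
# "S<sender>", "R<FLAGS>:<recipient>" and "H?<flags>?Subject: ..." lines.

# quarantine_digest QDIR VALID_FILE
# Prints "recipient<TAB>queue-id<TAB>sender<TAB>subject" for each quarantined
# message, only for recipients listed (one address per line) in VALID_FILE.
# A missing or empty VALID_FILE therefore produces no report lines at all.
quarantine_digest() {
    find "$1" -type f -name 'qf*' | sort | while IFS= read -r qf; do
        awk -v qid="${qf##*/qf}" -v valid="$2" '
            # Sender and subject are chosen by whoever sent the spam: keep
            # printable ASCII only (tabs and escape sequences become "?")
            # and cap the length before the text reaches a report.
            function clean(s) { gsub(/[^ -~]/, "?", s); return substr(s, 1, 120) }
            function addr(s)  { gsub(/[<>]/, "", s); return tolower(s) }
            BEGIN { while ((getline line < valid) > 0) ok[tolower(line)] = 1 }
            /^S/ { sender = addr(substr($0, 2)) }
            /^R[A-Z]*:/ { r = $0; sub(/^R[A-Z]*:/, "", r); rcpt[++n] = addr(r) }
            /^H\?[^?]*\?[Ss]ubject:/ {
                subject = $0
                sub(/^H\?[^?]*\?[Ss]ubject:[ \t]*/, "", subject)
            }
            END {
                for (i = 1; i <= n; i++)
                    if (rcpt[i] in ok)
                        printf "%s\t%s\t%s\t%s\n", rcpt[i], qid, clean(sender), clean(subject)
            }
        ' "$qf"
    done
}

# demo_digest: constructed queue control files (not real quarantine content).
# The second subject carries a tab and a terminal escape sequence.
demo_digest() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/20040903/spam"
    printf '%s\n' 'V6' 'S<trusty@slezball.example>' 'RPFD:<jay@example.org>' \
        'RPFD:<nosuchuser@example.org>' 'H??Subject: Grow whatever' \
        > "$tmp/20040903/spam/qfi83KAbc001"
    printf 'S<x@spam.example>\nRPFD:<Max@Example.org>\nH??Subject: cheap\tmeds \033[2J\n' \
        > "$tmp/20040903/spam/qfi83KAbc002"
    printf '%s\n' 'jay@example.org' 'max@example.org' > "$tmp/valid"
    quarantine_digest "$tmp/20040903" "$tmp/valid"
    rm -rf -- "$tmp"
}

if [ "${1:-}" = "demo" ]; then
    demo_digest
fi
```

The output is one line per recipient and message, ready to be grouped by the first field and mailed; nosuchuser@example.org gets nothing because it is not on the valid list.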
From carinus.carelse at MRC.AC.ZA Sat Sep 4 07:54:24 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:47 2006
Subject: Bayes error
Message-ID:

Ja, there is. I just checked.

Carinus

From carinus.carelse at MRC.AC.ZA Sat Sep 4 08:48:52 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:47 2006
Subject: Bayes moving
Message-ID:

Is it possible to move the bayes databases from one server to another
and can someone point me in the direction of a protocol. Also I can't
seem to find the Bayes write up on the Mailscanner site can someone give
me the link.

Carinus

From mailscanner at ecs.soton.ac.uk Sat Sep 4 12:06:02 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner fails to forward to postfix incoming
Message-ID:

Firstly, what version of MailScanner are you running, and have you
followed the instructions in the troubleshooting section of the MAQ
(address at the bottom of every list posting).

At 18:35 03/09/2004, you wrote:
>Hi all,
>
>BIG Thanks to Julian for his great help.
>
>I have followed the setups as outlined at
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
>
>I have this crazy thing running but now as I
>monitor the /var/log/maillog I see MailScanner
>pick up messages from /var/spool/postfix/hold
>and it seems to process them - but it never passes
>them on to the postfix/incoming...
>
>It goes thru the cycle over and over all the time
>accumulating more messages in the que and re-scanning
>the same messages over and over but never passing them
>to postfix/incoming.
>
>I have obviously missed something -
>
>Best Regards,
>
>Darwin
>

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Steve.Swaney at FSL.COM Sat Sep 4 15:39:03 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:47 2006
Subject: Bayes moving
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Carinus Carelse
> Sent: Saturday, September 04, 2004 3:49 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Bayes moving
>
> Is it possible to move the bayes databases from one server to another
> and can someone point me in the direction of a protocol. Also I can't
> seem to find the Bayes write up on the Mailscanner site can someone give
> me the link.
>
> Carinus
>

Very easy to do. Just tar up the existing bayes directory and move that
file to the target system. Untar the file on the target system wherever
you have space, i.e /var/local/bayes, and then add the line:

bayes_path /var/local/bayes/bayes

to your MailScanner spam.assassin.prefs.conf file.

Please note the "...../bayes/bayes" is NOT a typo but refers to the fact
that all of the files in the bayes directory start with 'bayes'.

Also don't forget to make sure that your permissions on the bayes
directory and files are correct.

There are "starter" (over 200 ham and 200 spam) bayes databases available
for Linux and FreeBSD at:

http://www.fsl.com/support

Hope this helps,

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com
From mailscanner at ecs.soton.ac.uk Sat Sep 4 16:16:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: non-GNU systems: serious bug in SA3 dependency
Message-ID:

One of the dependencies for SpamAssassin 3 is the Sys::Hostname::Long
perl module.

This module assumes that the "hostname" command on the path is the GNU
one! :-(

Bad luck if you're not running on a GNU system, so all you Solaris etc
users out there, read on...

To find the fully-qualified hostname with the domain attached (ie the
FQDN), it executes the command

    hostname --fqdn

This will, on Solaris systems at least, set the hostname to the name
"--fqdn" which probably isn't what your server is called. If you try
this, change your hostname back *real* fast or all sorts of ugly shit
will happen.

This showed up when I first started up MailScanner after upgrading to
SA3, as I got a usage error from "ypmatch". Subsequent attempts to start
up MailScanner appeared to fail. Running with Debug=yes caused it to bin
out with an error in /usr/perl5/site_perl/5.6.1/Sys/Hostname/Long.pm.

There are 2 ways to fix this:

1) Replace /usr/bin/hostname with the GNU version. Bad idea in my book,
I don't like messing with replacing system binaries if I can avoid it.

2) Hack the module to report your long hostname. Also a bad idea, but
easier to maintain as you don't have to remember you did it the next
time you apply a Solaris patch set and everything breaks. The Perl
module is so simple that I doubt you will ever need to upgrade it in the
life of the system anyway.

You are looking for /usr/perl5/site_perl/5.6.1/Sys/Hostname/Long.pm

At line 75, you will see this:

    my $tmp = `hostname --fqdn`;

Change this to tack on your domain name instead, like this:

    my $tmp = `hostname` . '.ecs.soton.ac.uk';

where obviously you should change .ecs.soton.ac.uk to your own domain
name (with a dot on the front). Note the use of back-ticks and
apostrophes in the line above.

There is a little demo script "testall.pl" in the same directory, and
you can now safely run that to prove that you always get the correct
hostname for your server.

Thought you folks might appreciate the warning...

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Sat Sep 4 19:03:05 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: MailScanner not scanning...
Message-ID:

At 17:42 03/09/2004, you wrote:
>I'm in the process of tearing my hair out. The installation is on a
>fresh Fedora Core 2 system running Postfix 2.8.18-4 with MailScanner
>4.33.3-1. MailScanner was installed via the RPM. I've gone through the
>configuration over and over and I can't figure out what is missing. The
>mail DOES go through, but it seems that there is no scanning at all
>occurring. I've configured it to use McAfee as the antivirus agent, but
>the EICAR files go through without being tagged as infected. McAfee via
>the command line does find the viruses.
>
>I have this running on an older Red Hat 8 server with Postfix and I get
>the messages in the /var/log/maillog file such as:
>
>Sep 3 14:07:20 sparta MailScanner[8648]: New Batch: Scanning 1
>messages, 5194 bytes
>Sep 3 14:07:20 sparta MailScanner[8648]: Virus and Content Scanning:
>Starting
>Sep 3 14:07:21 sparta MailScanner[8648]: Uninfected: Delivered 1 messages

Start by trying the troubleshooting section in the MAQ (address at the
bottom of every post).

You may have the location of the McAfee installation wrong in
/etc/MailScanner/virus.scanners.conf.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From alex at NKPANAMA.COM Sat Sep 4 21:54:37 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:47 2006
Subject: in redhat 9
Message-ID:

If it were created.

Raul Urqueta S wrote:

> If a MailScanner list in Spanish is created, does that mean we have to
> subscribe somewhere else?
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> behalf of Alex Neuman van der Hans
> Sent: Tuesday, 31 August 2004 18:41
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: in redhat 9
>
> Si vamos a crear una lista de MailScanner en español, me anoto para
> ayudar en lo que pueda.
>
> If we're going to create a MailScanner list in spanish, I'll join and
> help if possible.
>
> En cualquier caso, definitivamente te sale mejor ponerle a tu server
> ClamAV+BitDefender; lo bueno es que uno es libre (Clam) y el otro es
> gratis.
>
> In any case, you're definitely better off installing ClamAV+BitDefender
> on your server; the good thing is that one is free (as in freedom) and
> the other is free (as in zero-cost).
>
> greyhair wrote:
>
>
>>Raul,
>>
>>Did you see this?
>>http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/121.html
>>It directly relates to RedHat 9!
>>
>>Sorry, I only speak English.
>>Google tries to translate,(http://translate.google.com/translate_t)
>>
>>
>
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.sng.ecs.soton.a
> c.uk%2Fmailscanner%2Fserve%2Fcache%2F121.html&langpair=en%7Ces&hl=en&ie=
> UTF8&oe=UTF8
>
>>
>>
>>
>>Raul Urqueta S wrote:
>>
>>
>>>*somebody** can help me to configure the MailScanner with RedHat 9,
>>>and Uvscan? Step by step (in Spanish better)*
>>>
>>>*I cant do it work.*
>>>
>>>*I follow the steps in the page
>>>http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml, but
>>>don't work*
>>>
>>>*Thanks*
>>>
>>>*Raul.-*
>>>

From alex at NKPANAMA.COM Sat Sep 4 22:02:30 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:47 2006
Subject: Message-ID matching
Message-ID:

You can try the "bogus virus warnings" SpamAssassin rules. Works pretty
well most of the time.

Mathias Koerber wrote:

> Hi MailScanner gurus,
>
> I am getting very frustrated by the many bounce-messages we receive
> which are in response to some virus elsewhere using our email addresses
> in the From: headers.
>
> Is there a way (in MailScanner) to
> a) have MailScanner record the message-id of all outgoing emails
> passing though it
> b) matching certain incoming emails, such as bounces against
> that list and acting differently according to whether the
> original mail was known or not
>
> formail -D does have a facility to record message-IDs, but I believe
> calling formail on every outgoing email may be quite heavy, and we are
> still lacking a facility to check the database on incoming emails.
>
> Also, some tool will be required to clean out the database regularly,
> unless like in formail the database can be of limited size and
> old records get lost when the database fills up.
>
> Has anyone implemented such a facility in Mailscanner yet?
>
> Any hints where I should start looking if I wanted to try this
> myself (ie, where are the hooks etc)
From alex at NKPANAMA.COM Sat Sep 4 22:10:00 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:47 2006
Subject: 4.33.3: more defaults to change
Message-ID:

Cedilla ;)

Jeff A. Earickson wrote:

> Well, I can clearly see the accent over the first "a", the tilde over
> the second "a", and that little hangy-down squiggle under the "c" with
> my ISO-8859-1 setup. So ISO-8859-1 must be doing something right.
> I took three years of French and can't remember what that mark under the
> "c" is called anymore.
>
> Jeff Earickson
>
> On Wed, 1 Sep 2004, Felipe Tonioli wrote:
>
>> Date: Wed, 1 Sep 2004 15:50:59 -0300
>> From: Felipe Tonioli
>> Reply-To: MailScanner mailing list
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: 4.33.3: more defaults to change
>>
>> I'm from Brazil ... have a lot of á ã ç ... so if the new default has
>> problem with that ....
>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>>> Behalf Of Mariano Absatz
>>> Sent: Wednesday, September 01, 2004 2:56 PM
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: 4.33.3: more defaults to change
>>>
>>> On Wed, 1 Sep 2004 08:45:47 +0100, Julian Field wrote:
>>>
>>>> All changed.
>>>>
>>>> Anyone got any comments to the contrary, particularly on the
>>>> Charset setting?
>>>
>>> I'm totally for ISO-8859-1 charset... but then, I speak Spanish :-)
>>>
>>> --
>>> Mariano Absatz - El Baby
>>> el (dot) baby (AT) gmail (dot) com
>>> el (punto) baby (ARROBA:@) gmail (punto) com

From mailscanner at ecs.soton.ac.uk Sat Sep 4 22:33:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: MCP patches for SA3
Message-ID:

I have just posted a bug report to the SpamAssassin team. They have
included the "decode_attachments" property in SA3, but have not done
anything with it. Hopefully they will either include the extra
functionality, or tell me where to add it. The code has been completely
reworked in SA3, and I can't immediately see where/if I need to add my
extra code to cause the decoding of binary attachments for MCP purposes.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jrudd at UCSC.EDU Sat Sep 4 23:39:11 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:47 2006
Subject: non-GNU systems: serious bug in SA3 dependency
Message-ID:

On Sep 4, 2004, at 8:16 AM, Julian Field wrote:

> To find the fully-qualified hostname with the domain attached (ie the
> FQDN), it executes the command
>     hostname --fqdn
>
> This will, on Solaris systems at least, set the hostname to the name
> "--fqdn" which probably isn't what your server is called. If you try
> this, change your hostname back *real* fast or all sorts of ugly shit
> will happen.

[snip]

> Thought you folks might appreciate the warning...

Oh, OUCH! Thank you for finding and reporting it. That's just
insidious. And it so violates the idea that Perl and its modules should
be portable.

(I mean, on my solaris systems, they can find my FQDN by just doing a
"hostname". My hostnames are all FQDN's because they need to be with
kerberos (in spite of the fact that Solaris has its own version of
kerberos in SEAM, solaris still insists upon only letting you use the
short host name, so you have to go fix the hostname before you try to
work with a real version of kerberos).)

It seems like a better code fix would be: grep for the domain entry in
resolv.conf, and check to see if the reported hostname ends with that
string, if it does, use that. If it doesn't, then check to see if the
reported hostname and the domain name exist in 1 line of the hosts file.
If it does, try to find an entry in that line that has both (in case
it's not just "shortname.domain", like "shortname.subdomain.domain").
Otherwise, give shortname.domain.

Or, even, take the code in the GNU version of hostname, and convert that
to perl, and use that in the perl module.

I'm not suggesting YOU do that, I'm saying that's what the perl module
author should have done.

Speaking of which ... did you report this bug to that author? If you
didn't, and you don't have time to follow up with them and such, just
say so. I'll take this one on if you want to hand it off to someone.

John

From mailscanner at ecs.soton.ac.uk Sat Sep 4 23:49:12 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: non-GNU systems: serious bug in SA3 dependency
Message-ID:

At 23:39 04/09/2004, you wrote:
>On Sep 4, 2004, at 8:16 AM, Julian Field wrote:
>>To find the fully-qualified hostname with the domain attached (ie the
>>FQDN), it executes the command
>>    hostname --fqdn
>>
>>This will, on Solaris systems at least, set the hostname to the name
>>"--fqdn" which probably isn't what your server is called. If you try
>>this, change your hostname back *real* fast or all sorts of ugly shit
>>will happen.
>
>Oh, OUCH! Thank you for finding and reporting it. That's just
>insidious. And it so violates the idea that Perl and its modules
>should be portable.
>
>Speaking of which ... did you report this bug to that author? If you
>didn't, and you don't have time to follow up with them and such, just
>say so. I'll take this one on if you want to hand it off to someone.

If you could take this up and pursue it, that would really help.
Thank you!

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kevins at BMRB.CO.UK Sat Sep 4 23:57:41 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:47 2006
Subject: Message-ID matching
Message-ID:

On Sat, 2004-09-04 at 22:02, Alex Neuman van der Hans wrote:
> You can try the "bogus virus warnings" SpamAssassin rules. Works pretty
> well most of the time.

But be warned... the bogus virus warning ruleset contains a bunch of
rules that match various messages sent by MailScanner, you could end up
blocking messages from your own MailScanner installation...

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient
and may contain confidential and/or privileged material. If you have
received this in error, please contact the sender and delete this
message immediately. Disclosure, copying or other action taken in
respect of this email or in reliance on it is prohibited. BMRB
International Limited accepts no liability in relation to any personal
emails, or content of any email which does not directly relate to our
business.

From alex at NKPANAMA.COM Sun Sep 5 01:14:25 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:47 2006
Subject: Message-ID matching
Message-ID:

Unless you whitelist your own server or 127.0.0.1; in any case I usually
don't notify anyone and rely on tools like MailWatch for reporting.

On Sat, 2004-09-04 at 22:02, Alex Neuman van der Hans wrote:
> You can try the "bogus virus warnings" SpamAssassin rules. Works pretty
> well most of the time.

But be warned... the bogus virus warning ruleset contains a bunch of
rules that match various messages sent by MailScanner, you could end up
blocking messages from your own MailScanner installation...

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From newsgroup2 at SPACELINK.COM.AU Sun Sep 5 07:22:31 2004
From: newsgroup2 at SPACELINK.COM.AU (Stuart Clark)
Date: Thu Jan 12 21:26:47 2006
Subject: mass email detection rule
Message-ID:

Hi

At times our mail server gets bombarded with 1000+ spam emails from the
same recipient (well a fake hotmail address). Surely there must be a
rule that goes like this

 if someone tried to spam mailboxes on the server more than 30 per
minute then they will get blocked for 24 hours

or even better

 if anyone tried to send more than 30 emails per minute for 5
consecutive minutes they will get blocked for 7 days

I suppose the times could be adjusted

or something like that?

Kind Regards

Stuart Clark
Director
Spacelink Communications Pty Ltd
Ph. 98570800 Fx. 98597577

From raymond at PROLOCATION.NET Sun Sep 5 09:19:07 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:47 2006
Subject: Message-ID matching
Message-ID:

Hi!

>> You can try the "bogus virus warnings" SpamAssassin rules. Works pretty
>> well most of the time.

> But be warned... the bogus virus warning ruleset contains a bunch of
> rules that match various messages sent by MailScanner, you could end up
> blocking messages from your own MailScanner installation...

score VIRUS_WARNING62 0

Bye,
Raymond.

From carinus.carelse at MRC.AC.ZA Sun Sep 5 09:30:25 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:47 2006
Subject: New Bayes Error
Message-ID:

Ja i have a new error messages i hope someone can shed some light on.

Carinus

debug: bayes: 20627 tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
Cannot open bayes databases /var/spool/MailScanner/spamassassin/bayes_* R/O: tie failed: Invalid argument
debug: Score set 1 chosen.
debug: Initialising learner
debug: bayes: 20627 tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
Cannot open bayes databases /var/spool/MailScanner/spamassassin/bayes_* R/O: tie failed: Invalid argument

From kevins at BMRB.CO.UK Sun Sep 5 09:30:58 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:47 2006
Subject: New Bayes Error
Message-ID:

On Sun, 2004-09-05 at 09:30, Carinus Carelse wrote:
> Ja i have a new error messages i hope someone can shed some light on.

Are those files /that directory present? Does the user that MailScanner
is running as have read+write access to them?

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From peter at UCGBOOK.COM Sun Sep 5 09:34:17 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:47 2006
Subject: New Bayes Error
Message-ID:

Carinus Carelse wrote:
> Ja i have a new error messages i hope someone can shed some light on.
>
> debug: bayes: 20627 tie-ing to DB file R/O
> /var/spool/MailScanner/spamassassin/bayes_toks
> Cannot open bayes databases /var/spool/MailScanner/spamassassin/bayes_*
> R/O: tie failed: Invalid argument

Looks like you have blown your Bayes DB. Happened to me several times
when I used SA:s own expire mechanism.

What is bayes_auto_expire set to in spam.assassin.prefs.conf? If it's
still commented out, then it's on and it simply does not work. Set it to
0 by removing the comment and expire from MailScanner.conf (Rebuild
Bayes Every) or do it manually from cron.

You can read more here:

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/303.html
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/317.html

You could try to stop MS and then issue "sa-learn --force-expire", if
that gives the same error you have no other choice than deleting your
Bayes files, then it will start from scratch. If you had a well trained
Bayes DB it can be worth it to restore it from backup.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From subscriptions at ETEAM.COM.AU Sun Sep 5 11:44:34 2004
From: subscriptions at ETEAM.COM.AU (Wayne Fox)
Date: Thu Jan 12 21:26:47 2006
Subject: mass email detection rule
Message-ID:

Take a look at VISPAN. It attempts to address this issue.

www.while.homeunix.net/mailstats

At 04:22 PM 5/09/2004, you wrote:
>Hi
>
>At times our mail server gets bombarded with 1000+ spam emails from the same
>recipient (well a fake hotmail address). Surely there must be a rule that
>goes like this
>
> if someone tried to spam mailboxes on the server more than 30 per minute
>then they will get blocked for 24 hours
>
>or even better
>
> if anyone tried to send more than 30 emails per minute for 5 consecutive
>minutes they will get blocked for 7 days
>
>I suppose the times could be adjusted
>
>or something like that?
>
>Kind Regards
>
>Stuart Clark
>Director
>Spacelink Communications Pty Ltd
>Ph. 98570800 Fx. 98597577

From mailscanner at ecs.soton.ac.uk Sun Sep 5 11:46:41 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: mass email detection rule
Message-ID:

See the IP Blocking code in CustomConfig.pm. This more or less already
does what you want.
There are a load of comments in
/usr/lib/MailScanner/MailScanner/CustomConfig.pm. Look for IPBlock and
you'll find it all. It works with the sendmail access db at the moment.

At 07:22 05/09/2004, you wrote:
>Hi
>
>At times our mail server gets bombarded with 1000+ spam emails from the same
>recipient (well a fake hotmail address). Surely there must be a rule that
>goes like this
>
> if someone tried to spam mailboxes on the server more than 30 per minute
>then they will get blocked for 24 hours
>
>or even better
>
> if anyone tried to send more than 30 emails per minute for 5 consecutive
>minutes they will get blocked for 7 days
>
>I suppose the times could be adjusted
>
>or something like that?
>
>Kind Regards
>
>Stuart Clark
>Director
>Spacelink Communications Pty Ltd
>Ph. 98570800 Fx. 98597577

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Sun Sep 5 13:03:37 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: MCP and SpamAssassin 3
Message-ID:

In the MCP docs on
http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/
there are 3 new patch files.

These should implement support for checking inside binary attachments,
such as Word documents, when doing MCP checks. You will need to add

    decode_attachments 1

to your /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf file.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From idan at SECURENET.CO.IL Sun Sep 5 13:14:47 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Disable messages to the recipient
Message-ID:

Disable messages to the recipient

Hi all,

I want to disable attachment blocking, virus detection etc to the recipient and send them to a specific mailbox.

It's possible?

Thanks a lot.

Idan.





From michele at BLACKNIGHTSOLUTIONS.COM Sun Sep 5 13:20:43 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:26:47 2006
Subject: Disable messages to the recipient
Message-ID:

On Sun, 2004-09-05 at 15:14 +0300, Idan Plotnik wrote:
> I want to disable attachment blocking, virus detection etc to the
> recipient and send them to a specific mailbox.

Send what to a mailbox??

--
Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

From idan at SECURENET.CO.IL Sun Sep 5 13:57:44 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Disable messages to the recipient
Message-ID:

This kind of messages .... (see the attachment)

-----Original Message-----
From: Michele Neylon::Blacknight Solutions
[mailto:michele@BLACKNIGHTSOLUTIONS.COM]
Sent: Sunday, September 05, 2004 2:21 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Disable messages to the recipient

On Sun, 2004-09-05 at 15:14 +0300, Idan Plotnik wrote:
> I want to disable attachment blocking, virus detection etc to the
> recipient and send them to a specific mailbox.

Send what to a mailbox??

--
Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

    [ Part 2, "yoursite-Attachment-Warning.txt"  Text/PLAIN (Name: ]
    [ "yoursite-Attachment-Warning.txt") 15 lines. ]
    [ Unable to print this part. ]

From mailscanner at ecs.soton.ac.uk Sun Sep 5 14:40:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: "Remove These Headers" defaults?
Message-ID:

What would anyone like to see in the default configuration for this
option?

I have added
    Return-Receipt-To:
    X-Mozilla-Status:
so far.

Any other useful ones, such as any other "receipt" type headers I need
to add?

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From idan at SECURENET.CO.IL Sun Sep 5 15:02:04 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: What if - Quarantine Whole message as queue file =no.
Message-ID:

What if - Quarantine Whole message as queue file =no.

Hi all,

If I configure my MS to "Quarantine Whole message as queue file =no."

What is the way to release a message from the Q dir ?

Thanks a lot.

From mailscanner at ecs.soton.ac.uk Sun Sep 5 15:22:28 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: What if - Quarantine Whole message as queue file =no.
Message-ID:

At 15:02 05/09/2004, you wrote:
>Hi all,
>
>If I configure my MS to "Quarantine Whole message as queue file =no."
>
>What is the way to release a message from the Q dir ?

It depends on your MTA (i.e. sendmail or Exim or whatever). You have to
ask the MTA to deliver the message for you. In sendmail (and some others
that emulate the behaviour of the sendmail binary), it is

    sendmail -t < message-file-in-quarantine

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz

MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From idan at SECURENET.CO.IL Sun Sep 5 16:13:03 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Block ZIP file when I configure not blocking.

Hi All,

In the file filename.rules.conf I configure "allow   \.zip$                  -       -"

And still in some cases the MailScanner block ZIP file and in some not.

I am using mailscanner-4.32.5-1.

Someone familiar with this problem ?

BTW I don’t check file size.


This is a message from the MailScanner E-Mail Virus Protection Service

----------------------------------------------------------------------

The original e-mail attachment "Data.zip"

is on the list of unacceptable attachments for this site and has been

replaced by this warning message.

If you wish to receive a copy of the original attachment, please

e-mail helpdesk and include the whole of this message

in your request. Alternatively, you can call them, with

the contents of this message to hand when you call.

At Sun Sep  5 17:49:33 2004 the virus scanner said:

   MailScanner: Eudora *.lnk security hole attack (SpmProCfg.lnk)

Note to Help Desk: Look on the yoursite MailScanner in /var/spool/MailScanner/quarantine/20040905 (message i85EkRuG015097).

--

Postmaster

MailScanner thanks transtec Computers for their support

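The warning quoted in the message above names `SpmProCfg.lnk`, a file inside `Data.zip`, rather than the archive itself, which is what the scan depth setting discussed in this thread controls. The following is an added illustration, not MailScanner's own code: a simplified Python model of first-match filename rules applied to archive members down to a configurable depth. The TAB-separated ruleset, the `\.lnk$` pattern, the size cap, the fail-closed handling of over-deep archives and all function names are assumptions of this example.

```python
import io
import re
import zipfile

# Constructed ruleset in the four-field layout the post quotes: action,
# regex, log text, user report. TAB separation and the \.lnk$ pattern are
# assumptions of this example; the report text is copied from the warning.
RULES_TEXT = (
    "allow\t\\.zip$\t-\t-\n"
    "deny\t\\.lnk$\tEudora *.lnk security hole attack\t"
    "Eudora *.lnk security hole attack\n"
)
TOO_DEEP = "archive nested deeper than the configured depth"
UNREADABLE = "archive could not be unpacked"
MAX_MEMBER_BYTES = 1_000_000  # example cap so a huge member is never inflated


def parse_rules(text):
    """Parse rule lines into (action, compiled regex, user report) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) != 4 or fields[0].lower() not in ("allow", "deny"):
            raise ValueError("malformed rule: %r" % raw)
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), fields[3]))
    return rules


def first_match(rules, filename):
    """First matching rule wins; later rules are never consulted."""
    for action, regex, report in rules:
        if regex.search(filename):
            return action, report
    return "allow", "-"  # no rule matched: allowed in this model


def check_attachment(name, data, rules, max_depth, depth=0):
    """Return [(filename, report), ...] for every name that gets denied."""
    problems = []
    action, report = first_match(rules, name)
    if action == "deny":
        problems.append((name, report))
    if max_depth == 0 or not data.startswith(b"PK\x03\x04"):
        return problems  # not a zip, or archive unpacking is switched off
    if depth >= max_depth:
        problems.append((name, TOO_DEEP))  # fail closed (this example's choice)
        return problems
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                member = info.filename.rsplit("/", 1)[-1]
                if info.file_size > MAX_MEMBER_BYTES:
                    body = b""  # judge the name only, skip the content
                else:
                    body = archive.read(info)
                problems += check_attachment(member, body, rules,
                                             max_depth, depth + 1)
    except zipfile.BadZipFile:
        problems.append((name, UNREADABLE))
    return problems


def make_zip(members):
    """Build an in-memory zip from {member name: bytes} (sample data only)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for member_name, payload in members.items():
            archive.writestr(member_name, payload)
    return buffer.getvalue()


# Constructed samples: placeholder bytes, not real shortcut files.
DATA_ZIP = make_zip({"readme.txt": b"constructed",
                     "SpmProCfg.lnk": b"constructed placeholder"})
NESTED_ZIP = make_zip({"inner.zip": make_zip({"Data.zip": DATA_ZIP})})

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for depth in (0, 2):
        print(depth, check_attachment("Data.zip", DATA_ZIP, rules, depth))
```

In this model the `allow \.zip$` rule only settles the verdict for the name `Data.zip`; each member name is matched against the rules from the top again, so the `.lnk` member is denied whenever the depth setting lets the archive be opened.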
From michele at BLACKNIGHTSOLUTIONS.COM Sun Sep 5 16:28:11 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:47 2006 Subject: Block ZIP file when I configure not blocking. Message-ID: On Sun, 2004-09-05 at 18:13 +0300, Idan Plotnik wrote: > Hi All, > > In the file filename.rules.conf I configure "allow \.zip$ > - -" > > And still in some cases the MailScanner block ZIP file and in some > not. > > I am using mailscanner-4.32.5-1. > > Someone familier with this problem ? > > BTW I donâ^À^Ùt check file size. This has been discussed many times in the past. You need to look at the scan depth in MailScanner.conf -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From idan at SECURENET.CO.IL Sun Sep 5 16:31:56 2004 From: idan at SECURENET.CO.IL (Idan Plotnik) Date: Thu Jan 12 21:26:47 2006 Subject: Block ZIP file when I configure not blocking. Message-ID: The scan depth configure to 2, what is connection, this file not include Virus just exe file. -----Original Message----- From: Michele Neylon : Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] Sent: Sunday, September 05, 2004 5:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Block ZIP file when I configure not blocking. On Sun, 2004-09-05 at 18:13 +0300, Idan Plotnik wrote: > Hi All, > > In the file filename.rules.conf I configure "allow \.zip$ > - -" > > And still in some cases the MailScanner block ZIP file and in some > not. > > I am using mailscanner-4.32.5-1. > > Someone familier with this problem ? > > BTW I don't check file size. This has been discussed many times in the past. 
You need to look at the scan depth in MailScanner.conf

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From michele at BLACKNIGHTSOLUTIONS.COM Sun Sep 5 17:04:29 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

On Sun, 2004-09-05 at 18:31 +0300, Idan Plotnik wrote:
> The scan depth configure to 2, what is connection, this file not include
> Virus just exe file.

And have you allowed .exe files?

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From idan at SECURENET.CO.IL Sun Sep 5 17:08:13 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Please I want to know the reason, it don't contain virus and not malicious content.
_________________________________________________

-----Original Message-----
From: Michele Neylon : Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
Sent: Sunday, September 05, 2004 5:28 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Block ZIP file when I configure not blocking.

On Sun, 2004-09-05 at 18:13 +0300, Idan Plotnik wrote:
> Hi All,
>
> In the file filename.rules.conf I configure "allow \.zip$
> - -"
>
> And still in some cases the MailScanner block ZIP file and in some
> not.
>
> I am using mailscanner-4.32.5-1.
>
> Someone familiar with this problem ?
>
> BTW I don't check file size.

This has been discussed many times in the past.
You need to look at the scan depth in MailScanner.conf

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From idan at SECURENET.CO.IL Sun Sep 5 17:08:38 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Yes.
_________________________________________________

-----Original Message-----
From: Michele Neylon : Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
Sent: Sunday, September 05, 2004 6:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Block ZIP file when I configure not blocking.
On Sun, 2004-09-05 at 18:31 +0300, Idan Plotnik wrote:
> The scan depth configure to 2, what is connection, this file not
> include Virus just exe file.

And have you allowed .exe files?

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From peter at UCGBOOK.COM Sun Sep 5 17:26:44 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Idan Plotnik wrote:
> Hi All,
>
> In the file filename.rules.conf I configure "allow \.zip$
> - -"
> And still in some cases the MailScanner block ZIP file and in some not.
> I am using mailscanner-4.32.5-1.
> Someone familiar with this problem ?
>
> BTW I don't check file size.
>
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "Data.zip"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> If you wish to receive a copy of the original attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Sun Sep 5 17:49:33 2004 the virus scanner said:
> MailScanner: Eudora *.lnk security hole attack (SpmProCfg.lnk)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Note to Help Desk: Look on the yoursite MailScanner in
> /var/spool/MailScanner/quarantine/20040905 (message i85EkRuG015097).

Look at the message you included yourself. The answer is there.

It's not blocked because it's a zip file but because it's a lnk-file.
Grep for lnk in filename.rules and you will find it set to deny.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From m.althoff at BROMBERG.XS4ALL.NL Sun Sep 5 17:38:19 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

After a upgrade to Fedora Core 2 and a newer sendmail 8.12.11 and a total
re-install and still incoming and outgoing double (sometimes even more)
messages I'm starting to get annoyed with sendmail. I'm tempted to go for
Postfix but this will bring some huge changes in a multi domain environment
with mail coming in from pop accounts and bsmtp, mailman list for
scout/guide troop and mailscanner with spamassassin. I'm looking into all
the matters before I consider to change or not I have looked at the
mailscanner.conf file for relations to postfix this would be the changes or
are there more to consider?

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group =

# Set whether to use postfix, sendmail, exim or zmailer.
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = postfix

# If you are using Postfix you may well need to use some of the settings
# below, as the home directory for the "postfix" user cannot be written
# to by the "postfix" user.
# You may also need to use these if you have installed SpamAssassin
# somewhere other than the default location.

# The per-user files (bayes, auto-whitelist, user_prefs) are looked
# for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example
# line at the end of this comment, and do
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

From mailscanner at ecs.soton.ac.uk Sun Sep 5 17:47:36 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

At 17:38 05/09/2004, you wrote:
>After a upgrade to Fedora Core 2 and a newer sendmail 8.12.11 and a total
>re-install and still incoming and outgoing double (sometimes even more)
>messages I'm starting to get annoyed with sendmail.
>I'm tempted to go for

Set
Lock Type = posix

If you run sendmail with the right command-line args to dump its build
environment, you will probably find you haven't got FLOCK as the lock
method. This is by far the most likely cause. If you haven't got flock as
the lock method, then it will use posix locks instead.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From peter at UCGBOOK.COM Sun Sep 5 17:48:49 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

Matthijs Althoff wrote:
> After a upgrade to Fedora Core 2 and a newer sendmail 8.12.11 and a total
> re-install and still incoming and outgoing double (sometimes even more)
> messages I'm starting to get annoyed with sendmail.

Yes, it can't be your setup that is wrong because all us other
Sendmail users have double messages too but we like extra copies of
everything. :-)

--
/Peter Bonivart

--Unix lovers do it in the Sun
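
An added example (not code from any poster or from the MailScanner project) modelling the behaviour explained in the "Block ZIP file" thread above: filename rules are first-match-wins, and they are applied to the members of an archive as well as to the attachment itself, down to the configured scan depth. The rules text, the sample archives and the function names are constructed for illustration; the size cap and the "unmatched names pass" default are assumptions of this model.

```python
import io
import re
import zipfile

# Constructed rules in the tab-separated layout of filename.rules.conf:
# action, pattern, log text, user report. Not the file MailScanner ships.
RULES_TEXT = "\n".join([
    "# action\tpattern\tlog text\tuser report",
    "deny\t\\.lnk$\tEudora *.lnk security hole attack\tEudora *.lnk security hole attack",
    "allow\t\\.zip$\t-\t-",
    "allow\t\\.exe$\t-\t-",
])

MAX_MEMBER_BYTES = 1_000_000  # this example's own guard against huge members


def parse_rules(text):
    """Return [(action, compiled_regex, log_text)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern, log_text, _report = re.split(r"\t+", line, maxsplit=3)
        rules.append((action.lower(), re.compile(pattern, re.IGNORECASE), log_text))
    return rules


def first_match(rules, filename):
    """The first rule whose pattern matches decides; later rules are ignored."""
    for action, regex, log_text in rules:
        if regex.search(filename):
            return action, log_text
    return "allow", "no rule matched"  # assumption: unmatched names pass


def check_attachment(rules, filename, data, max_depth):
    """Test an attachment and, for zips, its members down to max_depth levels.

    Returns (verdict, findings); findings holds (path, action, reason)
    for every name that was tested.
    """
    findings = []

    def walk(name, blob, depth, path):
        findings.append((path,) + first_match(rules, name))
        if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(blob)):
            return
        with zipfile.ZipFile(io.BytesIO(blob)) as archive:
            for info in archive.infolist():
                member_path = path + "/" + info.filename
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append((member_path, "deny", "member too large to inspect"))
                    continue
                walk(info.filename, archive.read(info), depth + 1, member_path)

    walk(filename, data, 0, filename)
    verdict = "deny" if any(f[1] == "deny" for f in findings) else "allow"
    return verdict, findings


def make_zip(members):
    """Build a zip in memory from {name: bytes} (constructed test data)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Same shape as the reported case: an allowed .zip holding a denied .lnk.
    data_zip = make_zip({"setup.exe": b"MZ constructed", "SpmProCfg.lnk": b"constructed"})
    verdict, findings = check_attachment(rules, "Data.zip", data_zip, max_depth=2)
    print("verdict:", verdict)
    for path, action, reason in findings:
        print(f"  {action:5} {path}  ({reason})")
```

The archive name passes the `allow \.zip$` rule, but the verdict is still deny because a member matches a deny rule, and the reason reported is the member's rule rather than anything about `.zip`.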
From m.althoff at BROMBERG.XS4ALL.NL Sun Sep 5 18:23:08 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

On Sun, 5 Sep 2004 17:47:36 +0100, Julian Field wrote:

>Set
>Lock Type = posix

$ cat MailScanner.conf | grep posix

# For Exim, it defaults to "posix".
Lock Type = posix

It was suggested in August I have changed it then to posix and
a lock is created as shown in maillog but without result.

>If you run sendmail with the right command-line args to dump its build
>environment, you will probably find you haven't got FLOCK as the lock
>method. This is by far the most likely cause. If you haven't got flock as
>the lock method, then it will use posix locks instead.

$ sendmail -bt -d0.10 < /dev/null | head -n 10

Version 8.12.11
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
                NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASFLOCK
                HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
                HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
                HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
                HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC

From idan at SECURENET.CO.IL Sun Sep 5 18:29:03 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:47 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

How do I disable these messages to the recipient ?
And transfer them to a specific mailbox ?

-----Original Message-----
From: Peter Bonivart [mailto:peter@UCGBOOK.COM]
Sent: Sunday, September 05, 2004 6:27 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Block ZIP file when I configure not blocking.

Idan Plotnik wrote:
> Hi All,
>
> In the file filename.rules.conf I configure "allow \.zip$
> - -"
> And still in some cases the MailScanner block ZIP file and in some not.
> I am using mailscanner-4.32.5-1.
> Someone familiar with this problem ?
>
> BTW I don't check file size.
>
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "Data.zip"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> If you wish to receive a copy of the original attachment, please
> e-mail helpdesk and include the whole of this message in your request.
> Alternatively, you can call them, with the contents of this message to
> hand when you call.
>
> At Sun Sep 5 17:49:33 2004 the virus scanner said:
> MailScanner: Eudora *.lnk security hole attack (SpmProCfg.lnk)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Note to Help Desk: Look on the yoursite MailScanner in
> /var/spool/MailScanner/quarantine/20040905 (message i85EkRuG015097).

Look at the message you included yourself. The answer is there.

It's not blocked because it's a zip file but because it's a lnk-file.
Grep for lnk in filename.rules and you will find it set to deny.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mailscanner at ecs.soton.ac.uk Sun Sep 5 18:30:36 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

At 18:23 05/09/2004, you wrote:
>On Sun, 5 Sep 2004 17:47:36 +0100, Julian Field
> wrote:
>
> >Set
> >Lock Type = posix
>
>$ cat MailScanner.conf | grep posix
>
># For Exim, it defaults to "posix".
>Lock Type = posix
>
>It was suggested in August I have changed it then to posix and
>a lock is created as shown in maillog but without result.

From your output below, you should leave Lock Type as the default (i.e.
comment it out and let MailScanner set it for you).

Once you have done that, you should be okay.

Make sure you only have the MailScanner sendmail processes running, and you
don't have any of the original ones. You should have 1 doing "-bd" and 1
doing "-q15m", and probably 1 running as smmsp process the clientmqueue.

With all that lot in place, you should only be getting 1 copy of each message.

If you would like me to login and take a look for you, send me login
details and root pw off-list and I'll check it looks okay for you.

> >If you run sendmail with the right command-line args to dump its build
> >environment, you will probably find you haven't got FLOCK as the lock
> >method. This is by far the most likely cause. If you haven't got flock as
> >the lock method, then it will use posix locks instead.
>
>$ sendmail -bt -d0.10 < /dev/null | head -n 10
>
>Version 8.12.11
>Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
> MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
> NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS
> TCPWRAPPERS USERDB USE_LDAP_INIT
>OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASFLOCK
> HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
> HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
> HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
> HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From m.althoff at BROMBERG.XS4ALL.NL Sun Sep 5 18:32:41 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

On Sun, 5 Sep 2004 18:48:49 +0200, Peter Bonivart wrote:

>Yes, it can't be your setup that is wrong because all us other
>Sendmail users have double messages too but we like extra copies of
>everything.

Duuhh So there is no need to put "Archive Mail =" into
MailScanner, Sendmail will do the copies for you :-)

It only seems to have effect on users getting mail bsmtp relays, pop
accounts do not seem to be affected. It is a rpm install of sendmail no
extra stuff compiled in. My setup is detailed in one of the August messages
which can be found as http://tinyurl.com/49e54

From mailscanner at ecs.soton.ac.uk Sun Sep 5 18:48:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:47 2006
Subject: install postfix
Message-ID:

At 18:32 05/09/2004, you wrote:
>On Sun, 5 Sep 2004 18:48:49 +0200, Peter Bonivart wrote:
>
> >Yes, it can't be your setup that is wrong because all us other
> >Sendmail users have double messages too but we like extra copies of
> >everything.
>
> Duuhh So there is no need to put "Archive Mail =" into
>MailScanner, Sendmail will do the copies for you :-)
>
>It only seems to have effect on users getting mail bsmtp relays, pop
>accounts do not seem to be affected. It is a rpm install of sendmail no
>extra stuff compiled in. My setup is detailed in one of the August messages
>which can be found as http://tinyurl.com/49e54

You have done
         chkconfig sendmail off
         service sendmail stop
         chkconfig MailScanner on
         service MailScanner start
haven't you? I just want to ensure that your original sendmail processes
aren't also running the queues...

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From m.althoff at BROMBERG.XS4ALL.NL Sun Sep 5 18:55:41 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:48 2006
Subject: install postfix
Message-ID:

On Sun, 5 Sep 2004 18:30:36 +0100, Julian Field wrote:

> From your output below, you should leave Lock Type as the default (i.e.
>comment it out and let MailScanner set it for you).

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "flock".
# For Exim, it defaults to "posix".
# No other type is implemented.
#Lock Type = flock
#Lock Type =

As completely comment like above?

>Once you have done that, you should be okay.

Sep 5 19:39:02 bromberg sendmail[16445]: alias database /etc/aliases rebuilt by postman
Sep 5 19:39:02 bromberg sendmail[16445]: /etc/aliases: 73 aliases, longest 49 bytes, 1218 bytes total
Sep 5 19:39:02 bromberg sendmail[16457]: starting daemon (8.12.11): SMTP
Sep 5 19:39:02 bromberg sm-msp-queue[16463]: starting daemon (8.12.11): queueing@00:15:00
Sep 5 19:39:02 bromberg sendmail[16470]: starting daemon (8.12.11): queueing@00:15:00
Sep 5 19:39:03 bromberg MailScanner[16489]: MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Sep 5 19:39:04 bromberg MailScanner[16489]: Using locktype = flock
Sep 5 19:39:13 bromberg MailScanner[16493]: MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Sep 5 19:39:23 bromberg MailScanner[16495]: MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Sep 5 19:39:33 bromberg MailScanner[16496]: MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Sep 5 19:39:34 bromberg MailScanner[16496]: Using locktype = flock
Sep 5 19:39:34 bromberg MailScanner[16493]: Using locktype = flock
Sep 5 19:39:34 bromberg MailScanner[16495]: Using locktype = flock
Sep 5 19:39:43 bromberg MailScanner[16498]: MailScanner E-Mail Virus Scanner version 4.32.5 starting...
Sep 5 19:39:44 bromberg MailScanner[16498]: Using locktype = flock

>Make sure you only have the MailScanner sendmail processes running, and you
>don't have any of the original ones. You should have 1 doing "-bd" and 1
>doing "-q15m", and probably 1 running as smmsp process the clientmqueue.

There is a startup from the log above and this tells status:

$ service MailScanner status
Checking MailScanner daemons:
         MailScanner: [ OK ]
         incoming sendmail: [ OK ]
         outgoing sendmail: [ OK ]

Not sure about this one..

$ service sendmail status
sendmail (pid 16470 16463 16457) is running...

However in ntsysv only MailScanner is marked to be started up on boot,
sendmail is set to off..

> With all that lot in place, you should only be getting 1 copy of each
> message.

After the second message it went wrong.

>If you would like me to login and take a look for you, send me login
>details and root pw off-list and I'll check it looks okay for you.

Would jkf AT ecs.soton.ac.uk be the right address?
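
An added example (not code from any poster or from the MailScanner project) of the check Julian Field walks through in the "install postfix" thread: read the OS Defines from the `sendmail -bt -d0.10` output, work out which lock method sendmail uses, and compare it with the `Lock Type` that MailScanner.conf ends up with. The sample inputs are constructed from the output and config comments quoted in the thread, the defaults come from those quoted comments, and the function names are hypothetical.

```python
import re

# Constructed sample, shortened from the sendmail output quoted in the thread.
SENDMAIL_DEBUG = """\
Version 8.12.11
 Compiled with: DNSMAP LOG MAP_REGEX MILTER NEWDB STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT
    OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD HASFLOCK
                HASGETDTABLESIZE HASWAITPID REQUIRES_DIR_FSYNC
"""

# Constructed config fragments: the explicit setting tried in August,
# and the commented-out form recommended later in the thread.
CONF_EXPLICIT_POSIX = 'MTA = sendmail\n# For Exim, it defaults to "posix".\nLock Type = posix\n'
CONF_DEFAULTED = "MTA = sendmail\n#Lock Type = flock\n#Lock Type =\n"

# Defaults as stated in the MailScanner.conf comments quoted in the thread.
DEFAULT_LOCK = {"sendmail": "flock", "exim": "posix"}


def conf_setting(conf_text, key):
    """Last uncommented 'key = value' in the text, or None if absent."""
    value = None
    for line in conf_text.splitlines():
        name, sep, raw = line.split("#", 1)[0].partition("=")
        if sep and name.strip().lower() == key.lower():
            value = raw.strip()
    return value


def mailscanner_lock_type(conf_text):
    """Explicit Lock Type if set, otherwise the default for the configured MTA."""
    explicit = conf_setting(conf_text, "Lock Type")
    if explicit:
        return explicit.lower()
    mta = (conf_setting(conf_text, "MTA") or "sendmail").lower()
    return DEFAULT_LOCK.get(mta)  # None when the thread gives no default


def os_defines(debug_output):
    """Collect the tokens of the 'OS Defines:' section, including wrapped lines."""
    defines, collecting = set(), False
    for line in debug_output.splitlines():
        label, sep, rest = line.partition(":")
        if sep and re.fullmatch(r"\s*[A-Za-z ]+", label):
            # A new labelled section starts; only 'OS Defines' is collected.
            collecting = label.strip() == "OS Defines"
            line = rest
        if collecting:
            defines.update(line.split())
    return defines


def sendmail_lock_type(debug_output):
    """flock when sendmail was built with HASFLOCK, posix locks otherwise."""
    return "flock" if "HASFLOCK" in os_defines(debug_output) else "posix"


def check_locking(conf_text, debug_output):
    """Compare the lock method on both sides of the mail queue."""
    scanner = mailscanner_lock_type(conf_text)
    mta = sendmail_lock_type(debug_output)
    return {"mailscanner": scanner, "sendmail": mta, "consistent": scanner == mta}


if __name__ == "__main__":
    for label, conf in (("explicit posix", CONF_EXPLICIT_POSIX),
                        ("left at default", CONF_DEFAULTED)):
        print(label, check_locking(conf, SENDMAIL_DEBUG))
```

With the explicit `Lock Type = posix` the two sides disagree, which is the condition the thread names as the most likely cause of duplicate deliveries; leaving the setting commented out brings them back in line.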
From mailscanner at ecs.soton.ac.uk Sun Sep 5 19:01:00 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: install postfix
Message-ID:

At 18:55 05/09/2004, you wrote:
> >If you would like me to login and take a look for you, send me login
> >details and root pw off-list and I'll check it looks okay for you.
>
>Would jkf AT ecs.soton.ac.uk be the right address?

Better is mailscanner AT ....

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Sun Sep 5 19:06:32 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:48 2006
Subject: install postfix
Message-ID:

Matthijs Althoff wrote:

>After a upgrade to Fedora Core 2 and a newer sendmail 8.12.11 and a total
>re-install and still incoming and outgoing double (sometimes even more)
>messages I'm starting to get annoyed with sendmail. I'm tempted to go for
>Postfix but this will bring some huge changes in a multi domain environment
>with mail coming in from pop accounts and bsmtp, mailman list for
>scout/guide troop and mailscanner with spamassassin. I'm looking into all
>the matters before I consider to change or not I have looked at the
>mailscanner.conf file for relations to postfix this would be the changes or
>are there more to consider?
>
># User to run as (not normally used for sendmail)
># If you want to change the ownership or permissions of the quarantine or
># temporary files created by MailScanner, please see the "Incoming Work"
># settings later in this file.
>#Run As User = mail
>#Run As User = postfix
>Run As User =
>
># Group to run as (not normally used for sendmail)
>#Run As Group = mail
>#Run As Group = postfix
>Run As Group =
>
># Set whether to use postfix, sendmail, exim or zmailer.
># If you are using postfix, then see the "SpamAssassin User State Dir"
># setting near the end of this file
>MTA = postfix
>
># If you are using Postfix you may well need to use some of the settings
># below, as the home directory for the "postfix" user cannot be written
># to by the "postfix" user.
># You may also need to use these if you have installed SpamAssassin
># somewhere other than the default location.
>
># The per-user files (bayes, auto-whitelist, user_prefs) are looked
># for here and in ~/.spamassassin/. Note the files are mutable.
># If this is unset then no extra places are searched for.
># If using Postfix, you probably want to set this as shown in the example
># line at the end of this comment, and do
># mkdir /var/spool/MailScanner/spamassassin
># chown postfix.postfix /var/spool/MailScanner/spamassassin
>#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
>
>
>

That's about it for MS. I too run multi-domain, with Mailman (Ironically
for a few Scout mailing lists :-) ) and have no problems at all with
Postfix. I have found it nice and simple to set up with a MySQL database
driving the user, transport, virtual user maps.

Just remember that unlike Sendmail, Postfix trusts no-one so all files
that MS might manipulate (Queue, quarantine, bayes etc) all need to be
owned by the Postfix user. This is normally one large area for 'sillys'
to creep into.
Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From m.althoff at bromberg.xs4all.nl Sun Sep 5 19:16:17 2004 From: m.althoff at bromberg.xs4all.nl (J.M. Althoff) Date: Thu Jan 12 21:26:48 2006 Subject: bromberg mailscanner setup Message-ID: I have setup a user account for you which you can access by ssh (ssh1) Host: bromberg.althoffcentral.com IP: 82.92.118.67 Login: fieldj Password: jumailfi >From there you can su with temp password: you4rock2 The setup is based on Fedora Core 2 with sendmail sendmail -> /etc/mail mailscanner -> /etc/MailScanner logfiles -> /var/log Editors: vi or Pico are available I have not used talk in ages but is is available I will be around somewhere as user postman logged in.. Thank a lot! J.M. Althoff, -- e-mail m.althoff@bromberg.xs4all.nl / postbus@althoffcentral.com althoffcentral anti-spam site : http://www.althoffcentral.com scouting web website : http://www.cycloongroep.nl e-mail policy : http://www.althoffcentral.com/policy ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. We enforce a strict spam and virus policy, for further information read http://www.althoffcentral.com/policy ------------------------------------------------------------ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From alex at NKPANAMA.COM Sun Sep 5 19:18:40 2004
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:26:48 2006
Subject: install postfix
Message-ID:

BTW, remember that some RPM's will make sendmail "run on startup"
without telling you. I've seen cases where people either up2date,
apt-get or (place your package manager here) sendmail and wind up having
two of them running. Usually that'll just get you a bunch of "port is in
use" messages in the logs, but with locking gone bad I would suppose
double messages would be possible.

Also make sure you're not running anything else in front of sendmail,
like the old "sendmail sandwich" kludge that had to be applied to Trend
Micro's InterScan if you didn't want to turn your machine into a wide
open relay.

Julian Field wrote:

> At 18:32 05/09/2004, you wrote:
>
>> On Sun, 5 Sep 2004 18:48:49 +0200, Peter Bonivart
>> wrote:
>>
>> >Yes, it can't be your setup that is wrong because all us other
>> >Sendmail users have double messages too but we like extra copies of
>> >everything.
>>
>> Duuhh So there is no need to put "Archive Mail =" into
>> MailScanner, Sendmail will do the copies for you :-)
>>
>> It only seems to have effect on users getting mail bsmtp relays, pop
>> accounts do not seem to be affected. It is a rpm install of sendmail no
>> extra stuff compiled in. My setup is detailed in one of the August
>> messages
>> which can be found as http://tinyurl.com/49e54
>
>
> You have done
> chkconfig sendmail off
> service sendmail stop
> chkconfig MailScanner on
> service MailScanner start
> haven't you? I just want to ensure that your original sendmail processes
> aren't also running the queues...
> -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From raymond at PROLOCATION.NET Sun Sep 5 19:19:38 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:26:48 2006 Subject: bromberg mailscanner setup Message-ID: Hi! > I have setup a user account for you which you can access by ssh (ssh1) > > Host: bromberg.althoffcentral.com > IP: 82.92.118.67 > Login: fieldj > Password: jumailfi > >> From there you can su with temp password: you4rock2 > > The setup is based on Fedora Core 2 with sendmail Ouch, i would suggest changing those ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From m.althoff at BROMBERG.XS4ALL.NL Sun Sep 5 19:32:32 2004
From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff)
Date: Thu Jan 12 21:26:48 2006
Subject: bromberg mailscanner setup
Message-ID:

On Sun, 5 Sep 2004 20:19:38 +0200, Raymond Dijkxhoorn wrote:
>Ouch, i would suggest changing those ;)

Ok now I feel very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very stupid. It was a temporary, has been corrected right away!

From mailscanner at BARENDSE.TO Mon Sep 6 07:42:19 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: clamav rpm update doesn't work
Message-ID:

On Fri, 3 Sep 2004, Martin Sapsed wrote:

> Remco Barendse wrote:
>> I wonder why the wrapper script still works but the update doesn't. I
>> don't understand anything of the wrapper or update script to see where it
>> is looking.
>
> I'm guessing that perhaps when you try the wrapper by hand, your PATH is
> different to when cron runs the update script?

Possibly... but MailScanner is finding clamav without probs, it's just not updating!
From mailscanner at BARENDSE.TO Mon Sep 6 08:08:36 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

On Wed, 1 Sep 2004, Julian Field wrote:

> At 16:31 01/09/2004, you wrote:
>> fdisk did the trick :)
>>
>> The box is running TaoLinux, haven't got a clue what broke the perl on the
>> box, it's a production box so i never fiddle with it.
>>
>> Can we include the pre-requisites for SpamAss 3 in the install.sh script?
>
> If you are prepared to not have RPMs for them, then look at the start of
> the "Other stuff" bit of the downloads page on www.mailscanner.info.

Thanks for this!

Noticed that you updated the package with SpamAss 3.00-rc3, thanks for that. The included ClamAV version is .075 however while 0.75-1 is the latest (not a real problem I guess).

I tried to install the package (deleted the Clam tarball because I use the RPM so hopefully it won't install now)

[root@linux instsa]# ./install-Clam-SA.sh
You appear to be running on Solaris, I will use the ready-built
binaries for you where necessary.

This is strange, the box is in fact running a RedHat Enterprise rebuild (TaoLinux). Is this something I should worry about, will it break stuff? (Especially the ready built binaries remark is something that gets me worried :)

Thanks!!
From mailscanner at ecs.soton.ac.uk Mon Sep 6 09:07:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: clamav rpm update doesn't work
Message-ID:

At 07:42 06/09/2004, you wrote:
>On Fri, 3 Sep 2004, Martin Sapsed wrote:
>
>>Remco Barendse wrote:
>>>I wonder why the wrapper script still works but the update doesn't. I
>>>don't understand anything of the wrapper or update script to see where it
>>>is looking.
>>
>>I'm guessing that perhaps when you try the wrapper by hand, your PATH is
>>different to when cron runs the update script?
>
>
>Possibly... but MailScanner is finding clamav without probs, it's just not
>updating!

How are you running the update?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 6 09:08:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

At 08:08 06/09/2004, you wrote:
>On Wed, 1 Sep 2004, Julian Field wrote:
>
>>At 16:31 01/09/2004, you wrote:
>>>fdisk did the trick :)
>>>
>>>The box is running TaoLinux, haven't got a clue what broke the perl on the
>>>box, it's a production box so i never fiddle with it.
>>>
>>>Can we include the pre-requisites for SpamAss 3 in the install.sh script?
>>
>>If you are prepared to not have RPMs for them, then look at the start of
>>the "Other stuff" bit of the downloads page on www.mailscanner.info.
>
>Thanks for this!
>
>Noticed that you updated the package with SpamAss 3.00-rc3, thanks for
>that.
>The included ClamAV version is .075 however while 0.75-1 is the
>latest (not a real problem I guess).
>
>I tried to install the package (deleted the Clam tarball because I use the
>RPM so hopefully it won't install now)
>
>[root@linux instsa]# ./install-Clam-SA.sh
>You appear to be running on Solaris, I will use the ready-built
>binaries for you where necessary.
>
>This is strange, the box is in fact running a RedHat Enterprise rebuild
>(TaoLinux). Is this something I should worry about, will it break stuff?
>(Especially the ready built binaries remark is something that gets me
>worried :)

No, don't worry. I must remove that output from the script.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From m.sapsed at BANGOR.AC.UK Mon Sep 6 09:48:58 2004
From: m.sapsed at BANGOR.AC.UK (Martin Sapsed)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

Julian Field wrote:
> What would anyone like to see in the default configuration for this option?
>
> I have added
> Return-Receipt-To:
> X-Mozilla-Status:
> so far.
>
> Any other useful ones, such as any other "receipt" type headers I need
> to add?

Prefix: this isn't criticising, it's thinking out loud!

On receipts, should MailScanner, by default, break functionality that people expect to work? Isn't this something that should be left to sysadmins to decide on? It would be nice if MailScanner could break out-of-office replies in some way, but doing so by default might upset a lot of people.

Just a thought...
Cheers,
Martin

--
Martin Sapsed                Information Services
"Who do you say I am?"       University of Wales, Bangor
     Jesus of Nazareth

From marcin.rozek at IOS.EDU.PL Mon Sep 6 09:56:14 2004
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

Julian Field wrote:
> What would anyone like to see in the default configuration for this option?
>
> I have added
> Return-Receipt-To:
> X-Mozilla-Status:
> so far.
>
> Any other useful ones, such as any other "receipt" type headers I need
> to add?

There are two:
X-Mozilla-Status:
X-Mozilla-Status2:

http://www.eyrich-net.org/mozilla/X-Mozilla-Status.html

Regards,
Marcin

From mailscanner at BARENDSE.TO Mon Sep 6 09:58:41 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: clamav rpm update doesn't work
Message-ID:

it's running now without any changes to MailScanner (out-of-the-box config) but with a symlink from the rpm location of the update script in /usr/local/bin :
freshclam -> /usr/bin/freshclam

This is why I was requesting that the MailScanner clamav update script would look for the freshclam script in 2 locations.

Cheers!
Remco

On Mon, 6 Sep 2004, Julian Field wrote:

> At 07:42 06/09/2004, you wrote:
>> On Fri, 3 Sep 2004, Martin Sapsed wrote:
>>
>>> Remco Barendse wrote:
>>>> I wonder why the wrapper script still works but the update doesn't. I
>>>> don't understand anything of the wrapper or update script to see where it
>>>> is looking.
>>>
>>> I'm guessing that perhaps when you try the wrapper by hand, your PATH is
>>> different to when cron runs the update script?
>>
>>
>> Possibly... but MailScanner is finding clamav without probs, it's just not
>> updating!
>
> How are you running the update?
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From t.d.lee at DURHAM.AC.UK Mon Sep 6 10:20:01 2004
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

On Sun, 5 Sep 2004, Julian Field wrote:

> What would anyone like to see in the default configuration for this option?
>
> I have added
> Return-Receipt-To:
> X-Mozilla-Status:
> so far.

While many of us in our day-to-day lives might have a strong personal preference for removing "Return-Receipt-To:", I'm not sure that this should be MS's default site-wide, world-wide setting.
Doing so makes it significantly change default site-wide email functionality, a thing which we ought to be cautious about (despite personal enthusiasms we, as individuals might have!).

Shouldn't MS's default setting be empty (or restricted to a "known to be harmful (virus analogy)" example? (Naturally, the accompanying comment can point out the benefits of including "Return-Receipt-To:" in the configuration!)

Hope that helps.

--

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From james_gray at OCS.COM Mon Sep 6 10:20:31 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

On Sun, 5 Sep 2004 11:40 pm, Julian Field wrote:
> What would anyone like to see in the default configuration for this option?
>
> I have added
> Return-Receipt-To:
> X-Mozilla-Status:
> so far.
>
> Any other useful ones, such as any other "receipt" type headers I need to
> add? --
> Julian Field

I'll put my hand up for X-Priority:

Would make my mail box look a LOT neater ;) Especially if I could remove it for specific users (or should that be "lusers")...you get the idea.

--
James
From bovati at MONDADORI.COM Mon Sep 6 10:28:55 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Friday 03 September 2004 17:29, you wrote:
> Mirko Bovati wrote:
> > On Friday 03 September 2004 16:28, you wrote:
> >>Mirko
> >>
> >>do these scanners recognise the virus is called from the command line on
> >>the MS computer??
> >
> > hi Martin,
> >
> > The local antivirus who finds the virus is VirusScan 7.0 on a MS
> > computer. VirusScan doesn't clean the email. I forward the infected email
> > (and MailScanner say it is clean) and the recipient again find it is
> > infected.
> >
> > But, on another way, if I after receiving the infected email, I save the
> > attach (i.e. the virus) and I send a new email with the saved attach
> > attached, the MailScanner find the virus.
> >
> > I don't know if I answered your question.
> >
> > mirko
>
> Mirko
>
> OK are you keeping archive copies of the mails? If so what happens if
> you run the virus scanner on the infected message it misses - ie run the
> virus outside of MS control, from the command line, on the infected
> message.

Running from command line on a linux box, uvscan misses the infected messages.
the same happens df/qf pair.

So it seems e mcafee problem.

>
> That way you'll know if there's something wrong with MS or the virus
> scanner..

From mailscanner at BARENDSE.TO Mon Sep 6 10:42:16 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

I use the MCP feature of MailScanner to filter the outgoing Return-Receipt-To: notifications but I allow the returns from the outside :)

On Mon, 6 Sep 2004, David Lee wrote:

> On Sun, 5 Sep 2004, Julian Field wrote:
>
>> What would anyone like to see in the default configuration for this option?
>>
>> I have added
>> Return-Receipt-To:
>> X-Mozilla-Status:
>> so far.
>
> While many of us in our day-to-day lives might have a strong personal
> preference for removing "Return-Receipt-To:", I'm not sure that this
> should be MS's default site-wide, world-wide setting. Doing so makes it
> significantly change default site-wide email functionality, a thing which
> we ought to be cautious about (despite personal enthusiasms we, as
> individuals might have!).
>
> Shouldn't MS's default setting be empty (or restricted to a "known to be
> harmful (virus analogy)" example? (Naturally, the accompanying comment
> can point out the benefits of including "Return-Receipt-To:" in the
> configuration!)
>
> Hope that helps.
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Systems Programmer                       Computer Centre       :
> :                                           University of Durham  :
> :  http://www.dur.ac.uk/t.d.lee/            South Road            :
> :                                           Durham                :
> :  Phone: +44 191 334 2752                  U.K.                  :
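
The header-removal choices raised in this thread (X-Mozilla-Status and X-Mozilla-Status2 always, Return-Receipt-To only on outgoing mail, X-Priority only for chosen recipients), sketched as an added Python example that is not MailScanner code or any poster's configuration. The domain, addresses, rule tables and function names are constructed assumptions, and direction is decided from the envelope addresses passed in by the caller.

```python
"""Direction- and recipient-aware header removal (illustrative sketch)."""
from email import message_from_string

# Constructed site data (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.org"}
PER_RECIPIENT = {"james@example.org": ["X-Priority"]}

# Header names taken from the thread.
ALWAYS = ["X-Mozilla-Status", "X-Mozilla-Status2"]
OUTBOUND_ONLY = ["Return-Receipt-To"]

# Constructed sample message; note the lower-case header name.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.net\n"
    "Subject: quarterly figures\n"
    "Return-Receipt-To: alice@example.org\n"
    "x-mozilla-status: 0001\n"
    "X-Mozilla-Status2: 00000000\n"
    "X-Priority: 1 (Highest)\n"
    "\n"
    "Body text stays untouched.\n"
)


def _domain(addr):
    """Lower-cased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()


def is_outbound(env_from, env_to):
    """True for a local sender writing to at least one non-local recipient."""
    return (_domain(env_from) in LOCAL_DOMAINS
            and any(_domain(r) not in LOCAL_DOMAINS for r in env_to))


def headers_to_strip(env_from, env_to):
    """Return the header names the policy removes for this envelope."""
    names = list(ALWAYS)
    if is_outbound(env_from, env_to):
        # Receipt requests are dropped only on the way out; incoming
        # requests are left alone.
        names += OUTBOUND_ONLY
    recipients = [r.lower() for r in env_to]
    if recipients:
        # One copy of the message is being edited, so a per-recipient
        # rule applies only when every recipient of that copy has it.
        wanted = [set(PER_RECIPIENT.get(r, [])) for r in recipients]
        names += sorted(set.intersection(*wanted))
    return names


def strip_headers(raw, env_from, env_to):
    """Return (rewritten message text, names of headers actually removed)."""
    msg = message_from_string(raw)
    removed = []
    for name in headers_to_strip(env_from, env_to):
        if msg.get_all(name):      # lookup is case-insensitive
            removed.append(name)
            del msg[name]          # deletes every occurrence of the header
    return msg.as_string(), removed


if __name__ == "__main__":
    for sender, rcpts in [("alice@example.org", ["bob@example.net"]),
                          ("bob@example.net", ["alice@example.org"]),
                          ("bob@example.net", ["james@example.org"])]:
        _, gone = strip_headers(SAMPLE, sender, rcpts)
        print(sender, "->", rcpts, "removed:", gone)
```
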
From mailscanner at BARENDSE.TO Mon Sep 6 10:44:59 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Mon, 6 Sep 2004, Mirko Bovati wrote:

> On Friday 03 September 2004 17:29, you wrote:
>> Mirko Bovati wrote:
>>> On Friday 03 September 2004 16:28, you wrote:
>>>> Mirko
>>>>
>>>> do these scanners recognise the virus is called from the command line on
>>>> the MS computer??
>>>
>>> hi Martin,
>>>
>>> The local antivirus who finds the virus is VirusScan 7.0 on a MS
>>> computer. VirusScan doesn't clean the email. I forward the infected email
>>> (and MailScanner say it is clean) and the recipient again find it is
>>> infected.
>>>
>>> But, on another way, if I after receiving the infected email, I save the
>>> attach (i.e. the virus) and I send a new email with the saved attach
>>> attached, the MailScanner find the virus.
>>>
>>> I don't know if I answered your question.
>>>
>>> mirko
>>
>> Mirko
>>
>> OK are you keeping archive copies of the mails? If so what happens if
>> you run the virus scanner on the infected message it misses - ie run the
>> virus outside of MS control, from the command line, on the infected
>> message.
>
> Running from command line on a linux box, uvscan misses the infected messages.
> the same happens df/qf pair.
>
> So it seems e mcafee problem.

Did you read/follow the part about not using any symlinks anywhere for mcafee? On some systems this causes mcafee to behave strange and not detect virii that it does properly find from the command line

I used to have symlinks to my dat files and binary until I got badly bitten....

I decided to ditch mcafee completely but that's another subject :)
From Christo at IT4AFRICA.CO.ZA Mon Sep 6 11:05:24 2004
From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:26:48 2006
Subject: Attachment Size Filters
Message-ID:

I have an attachment size filter for certain users. I would just like to know if there is a way to have the message delivered but strip away the attachment. Some of our clients enforce email for work related use only. This way we can have the user forward the message with the removed attachment to the administrator for Quarantine release consideration.

What features are included in the attachment and Max Message site rules.

Thanx

Christo Bezuidenhout

From bovati at MONDADORI.COM Mon Sep 6 11:10:01 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Monday 06 September 2004 11:44, you wrote:
> On Mon, 6 Sep 2004, Mirko Bovati wrote:
> > On Friday 03 September 2004 17:29, you wrote:
> >> Mirko Bovati wrote:
> >>> On Friday 03 September 2004 16:28, you wrote:
> >>>> Mirko
> >>>>
> >>>> do these scanners recognise the virus is called from the command line
> >>>> on the MS computer??
> >>>
> >>> hi Martin,
> >>>
> >>> The local antivirus who finds the virus is VirusScan 7.0 on a MS
> >>> computer. VirusScan doesn't clean the email. I forward the infected
> >>> email (and MailScanner say it is clean) and the recipient again find it
> >>> is infected.
> >>>
> >>> But, on another way, if I after receiving the infected email, I save
> >>> the attach (i.e. the virus) and I send a new email with the saved
> >>> attach attached, the MailScanner find the virus.
> >>>
> >>> I don't know if I answered your question.
> >>>
> >>> mirko
> >>
> >> Mirko
> >>
> >> OK are you keeping archive copies of the mails? If so what happens if
> >> you run the virus scanner on the infected message it misses - ie run the
> >> virus outside of MS control, from the command line, on the infected
> >> message.
> >
> > Running from command line on a linux box, uvscan misses the infected
> > messages. the same happens df/qf pair.
> >
> > So it seems e mcafee problem.
>
> Did you read/follow the part about not using any symlinks anywhere for
> mcafee? On some systems this causes mcafee to behave strange and not
> detect virii that it does properly find from the command line

I think yes:
[mirko@harey /usr/local/uvscan]$ ls -l
total 8448
-rw-rw-rw- 1 root root 416862 Sep 1 06:32 clean.dat
-r--r--r-- 1 root root 12014 Sep 6 10:32 contact.txt
-r--r--r-- 1 root root 971875 Sep 6 10:32 e4320upg.pdf
-rw-rw-rw- 1 root root 110 Sep 1 06:32 file_id.diz
-rw-rw-rw- 1 root root 12124 Oct 15 1998 internet.dat
lrwxrwxrwx 1 root root 15 Sep 6 10:32 liblnxfv.so -> ./liblnxfv.so.4
-r-xr-xr-x 1 root root 2664512 Sep 6 10:32 liblnxfv.so.4
-r--r--r-- 1 root root 1056 Sep 6 10:32 license.dat
-r--r--r-- 1 root root 1809 Sep 6 10:32 license.txt
-r--r--r-- 1 root root 38154 Sep 6 10:32 messages.dat
-rw-rw-rw- 1 root root 499211 Sep 1 06:32 names.dat
-rw-rw-rw- 1 root root 1209 Sep 1 06:32 packing.lst
-rw-rw-rw- 1 root root 708 Sep 1 06:32 pkgdesc.ini
-rw-rw-rw- 1 root root 45921 Sep 1 06:32 readme.txt
-rw-rw-rw- 1 root root 12169 Sep 1 06:32 reseller.txt
-rw-rw-rw- 1 root root 3690590 Sep 1 06:32 scan.dat
-r--r--r-- 1 root root 5546 Sep 6 10:32 signlic.txt
-r-xr-xr-x 1 root root 6302 Sep 6 10:32 uninstall-uvscan
-r-xr-xr-x 1 root root 127699 Sep 6 10:32 uvscan
-r--r--r-- 1 root root 13422 Sep 6 10:32 uvscan.1
-r-xr-xr-x 1 root root 402 Sep 6 10:32 uvscan_secure
-rwxrwxrwx 1 root root 51200 Sep 1 06:32 validate.exe

I think the test below says uvscan is working properly. Does it?

[mirko@harey ~/tempo]$ ls
Conclusioni.zip dfi82C4rD20713 forwarded-email qfi82C4rD20713
[mirko@harey ~/tempo]$ uvscan --verbose /home/mirko/tempo
Scanning /home/mirko/tempo/*
Scanning file /home/mirko/tempo/dfi82C4rD20713
Scanning file /home/mirko/tempo/qfi82C4rD20713
Scanning file /home/mirko/tempo/Conclusioni.zip
/home/mirko/tempo/Conclusioni.zip
Found the W32/Mabutu.a@MM!zip virus !!!
Scanning file /home/mirko/tempo/forwarded-email

Conclusioni.zip is the saved attachment.

mirko

> I used to have symlinks to my dat files and binary until I got badly
> bitten....
>
> I decided to ditch mcafee completely but that's another subject :)

From mailscanner at BARENDSE.TO Mon Sep 6 11:26:40 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Mon, 6 Sep 2004, Mirko Bovati wrote:

> On Monday 06 September 2004 11:44, you wrote:
>> On Mon, 6 Sep 2004, Mirko Bovati wrote:
>>> On Friday 03 September 2004 17:29, you wrote:
>>>> Mirko Bovati wrote:
>>>>> On Friday 03 September 2004 16:28, you wrote:
>>>>>> Mirko
>>>>>>
>>>>>> do these scanners recognise the virus is called from the command line
>>>>>> on the MS computer??
>>>>>
>>>>> hi Martin,
>>>>>
>>>>> The local antivirus who finds the virus is VirusScan 7.0 on a MS
>>>>> computer. VirusScan doesn't clean the email.
>>>>> I forward the infected
>>>>> email (and MailScanner say it is clean) and the recipient again find it
>>>>> is infected.
>>>>>
>>>>> But, on another way, if I after receiving the infected email, I save
>>>>> the attach (i.e. the virus) and I send a new email with the saved
>>>>> attach attached, the MailScanner find the virus.
>>>>>
>>>>> I don't know if I answered your question.
>>>>>
>>>>> mirko
>>>>
>>>> Mirko
>>>>
>>>> OK are you keeping archive copies of the mails? If so what happens if
>>>> you run the virus scanner on the infected message it misses - ie run the
>>>> virus outside of MS control, from the command line, on the infected
>>>> message.
>>>
>>> Running from command line on a linux box, uvscan misses the infected
>>> messages. the same happens df/qf pair.
>>>
>>> So it seems e mcafee problem.
>>
>> Did you read/follow the part about not using any symlinks anywhere for
>> mcafee? On some systems this causes mcafee to behave strange and not
>> detect virii that it does properly find from the command line
>
> I think yes:
> [mirko@harey /usr/local/uvscan]$ ls -l
> total 8448
> -rw-rw-rw- 1 root root 416862 Sep 1 06:32 clean.dat
> -r--r--r-- 1 root root 12014 Sep 6 10:32 contact.txt
> -r--r--r-- 1 root root 971875 Sep 6 10:32 e4320upg.pdf
> -rw-rw-rw- 1 root root 110 Sep 1 06:32 file_id.diz
> -rw-rw-rw- 1 root root 12124 Oct 15 1998 internet.dat
> lrwxrwxrwx 1 root root 15 Sep 6 10:32 liblnxfv.so -> ./liblnxfv.so.4
> -r-xr-xr-x 1 root root 2664512 Sep 6 10:32 liblnxfv.so.4
> -r--r--r-- 1 root root 1056 Sep 6 10:32 license.dat
> -r--r--r-- 1 root root 1809 Sep 6 10:32 license.txt
> -r--r--r-- 1 root root 38154 Sep 6 10:32 messages.dat
> -rw-rw-rw- 1 root root 499211 Sep 1 06:32 names.dat
> -rw-rw-rw- 1 root root 1209 Sep 1 06:32 packing.lst
> -rw-rw-rw- 1 root root 708 Sep 1 06:32 pkgdesc.ini
> -rw-rw-rw- 1 root root 45921 Sep 1 06:32 readme.txt
> -rw-rw-rw- 1 root root 12169 Sep 1 06:32 reseller.txt
> -rw-rw-rw- 1 root root 3690590 Sep 1 06:32 scan.dat
> -r--r--r-- 1 root root 5546 Sep 6 10:32 signlic.txt
> -r-xr-xr-x 1 root root 6302 Sep 6 10:32 uninstall-uvscan
> -r-xr-xr-x 1 root root 127699 Sep 6 10:32 uvscan
> -r--r--r-- 1 root root 13422 Sep 6 10:32 uvscan.1
> -r-xr-xr-x 1 root root 402 Sep 6 10:32 uvscan_secure
> -rwxrwxrwx 1 root root 51200 Sep 1 06:32 validate.exe
>
> I think the test below says uvscan is working properly. Does it?
>
> [mirko@harey ~/tempo]$ ls
> Conclusioni.zip dfi82C4rD20713 forwarded-email qfi82C4rD20713
> [mirko@harey ~/tempo]$ uvscan --verbose /home/mirko/tempo
> Scanning /home/mirko/tempo/*
> Scanning file /home/mirko/tempo/dfi82C4rD20713
> Scanning file /home/mirko/tempo/qfi82C4rD20713
> Scanning file /home/mirko/tempo/Conclusioni.zip
> /home/mirko/tempo/Conclusioni.zip
> Found the W32/Mabutu.a@MM!zip virus !!!
> Scanning file /home/mirko/tempo/forwarded-email
>
> Conclusioni.zip is the saved attachment.

Yes indeed, that is exactly the behaviour from mcafee i was seeing too. When issued from the command line mcafee would properly detect the virus but would declare it 'virus free' when scanned from MailScanner.

By the looks of it your mcafee directory is ok but this doesn't mean that there aren't any symlinks to these binaries elsewhere on the box. I would check virus.scanners.conf to see from which location MailScanner is invoking mcafee. Also I would check if there are any symlinks to the dat files. If there are, replace the symlinks to the datfiles with the real dat files and try scanning from MailScanner again.

>
> mirko
>
>> I used to have symlinks to my dat files and binary until I got badly
>> bitten....
>>
>> I decided to ditch mcafee completely but that's another subject :)
From mailscanner at BARENDSE.TO Mon Sep 6 11:49:46 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

On Mon, 6 Sep 2004, Julian Field wrote:

> At 08:08 06/09/2004, you wrote:
>> On Wed, 1 Sep 2004, Julian Field wrote:
>>
>>> At 16:31 01/09/2004, you wrote:
>>>> fdisk did the trick :)
>>>>
>>>> The box is running TaoLinux, haven't got a clue what broke the perl on
>>>> the
>>>> box, it's a production box so i never fiddle with it.
>>>>
>>>> Can we include the pre-requisites for SpamAss 3 in the install.sh script?
>>>
>>> If you are prepared to not have RPMs for them, then look at the start of
>>> the "Other stuff" bit of the downloads page on www.mailscanner.info.
>>
>> Thanks for this!
>>
>> Noticed that you updated the package with SpamAss 3.00-rc3, thanks for
>> that. The included ClamAV version is .075 however while 0.75-1 is the
>> latest (not a real problem I guess).
>>
>> I tried to install the package (deleted the Clam tarball because I use the
>> RPM so hopefully it won't install now)
>>
>> [root@linux instsa]# ./install-Clam-SA.sh
>> You appear to be running on Solaris, I will use the ready-built
>> binaries for you where necessary.
>>
>> This is strange, the box is in fact running a RedHat Enterprise rebuild
>> (TaoLinux). Is this something I should worry about, will it break stuff?
>> (Especially the ready built binaries remark is something that gets me
>> worried :)
>
> No, don't worry. I must remove that output from the script.
OK, thanks!

The install script completed, hopefully SpamAss 3 is up and running now, my attempt of last week resulted in a load average of 47(!!)

Is there anything that must be added to the MS config files to start using surbl or define a score? Couldn't find it in the faq/maq yet :)

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 6 11:55:50 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Remco Barendse wrote:
>>
>> No, don't worry. I must remove that output from the script.
>
>
> OK, thanks!
>
> The install script completed, hopefully SpamAss 3 is up and running now,
> my attempt of last week resulted in a load average of 47(!!)
>
>
> Is there anything that must be added to the MS config files to start using
> surbl or define a score? Couldn't find it in the faq/maq yet :)

surbl stuff should be built into SA 3.0 - check the default rules in /usr/local/share/spamassassin..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From bovati at MONDADORI.COM Mon Sep 6 12:39:13 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Monday 06 September 2004 12:26, you wrote:
> On Mon, 6 Sep 2004, Mirko Bovati wrote:
> > On Monday 06 September 2004 11:44, you wrote:
> >> On Mon, 6 Sep 2004, Mirko Bovati wrote:
> >>> On Friday 03 September 2004 17:29, you wrote:
> >>>> Mirko Bovati wrote:
> >>>>> On Friday 03 September 2004 16:28, you wrote:
> >>>>>> Mirko
> >>>>>>
> >>>>>> do these scanners recognise the virus is called from the command
> >>>>>> line on the MS computer??
> >>>>>
> >>>>> hi Martin,
> >>>>>
> >>>>> The local antivirus who finds the virus is VirusScan 7.0 on a MS
> >>>>> computer. VirusScan doesn't clean the email. I forward the infected
> >>>>> email (and MailScanner say it is clean) and the recipient again find
> >>>>> it is infected.
> >>>>>
> >>>>> But, on another way, if I after receiving the infected email, I save
> >>>>> the attach (i.e. the virus) and I send a new email with the saved
> >>>>> attach attached, the MailScanner find the virus.
> >>>>>
> >>>>> I don't know if I answered your question.
> >>>>>
> >>>>> mirko
> >>>>
> >>>> Mirko
> >>>>
> >>>> OK are you keeping archive copies of the mails? If so what happens if
> >>>> you run the virus scanner on the infected message it misses - ie run
> >>>> the virus outside of MS control, from the command line, on the
> >>>> infected message.
> >>>
> >>> Running from command line on a linux box, uvscan misses the infected
> >>> messages.
> >>> the same happens df/qf pair.
> >>>
> >>> So it seems a mcafee problem.
> >>
> >> Did you read/follow the part about not using any symlinks anywhere for
> >> mcafee? On some systems this causes mcafee to behave strange and not
> >> detect virii that it does properly find from the command line
> >
> > I think yes:
> > [mirko@harey /usr/local/uvscan]$ ls -l
> > total 8448
> > -rw-rw-rw- 1 root root 416862 Sep 1 06:32 clean.dat
> > -r--r--r-- 1 root root 12014 Sep 6 10:32 contact.txt
> > -r--r--r-- 1 root root 971875 Sep 6 10:32 e4320upg.pdf
> > -rw-rw-rw- 1 root root 110 Sep 1 06:32 file_id.diz
> > -rw-rw-rw- 1 root root 12124 Oct 15 1998 internet.dat
> > lrwxrwxrwx 1 root root 15 Sep 6 10:32 liblnxfv.so ->
> > ./liblnxfv.so.4 -r-xr-xr-x 1 root root 2664512 Sep 6 10:32
> > liblnxfv.so.4
> > -r--r--r-- 1 root root 1056 Sep 6 10:32 license.dat
> > -r--r--r-- 1 root root 1809 Sep 6 10:32 license.txt
> > -r--r--r-- 1 root root 38154 Sep 6 10:32 messages.dat
> > -rw-rw-rw- 1 root root 499211 Sep 1 06:32 names.dat
> > -rw-rw-rw- 1 root root 1209 Sep 1 06:32 packing.lst
> > -rw-rw-rw- 1 root root 708 Sep 1 06:32 pkgdesc.ini
> > -rw-rw-rw- 1 root root 45921 Sep 1 06:32 readme.txt
> > -rw-rw-rw- 1 root root 12169 Sep 1 06:32 reseller.txt
> > -rw-rw-rw- 1 root root 3690590 Sep 1 06:32 scan.dat
> > -r--r--r-- 1 root root 5546 Sep 6 10:32 signlic.txt
> > -r-xr-xr-x 1 root root 6302 Sep 6 10:32 uninstall-uvscan
> > -r-xr-xr-x 1 root root 127699 Sep 6 10:32 uvscan
> > -r--r--r-- 1 root root 13422 Sep 6 10:32 uvscan.1
> > -r-xr-xr-x 1 root root 402 Sep 6 10:32 uvscan_secure
> > -rwxrwxrwx 1 root root 51200 Sep 1 06:32 validate.exe
> >
> > I think the test below says uvscan is working properly. Does it?
> >
> > [mirko@harey ~/tempo]$ ls
> > Conclusioni.zip dfi82C4rD20713 forwarded-email qfi82C4rD20713
> > [mirko@harey ~/tempo]$ uvscan --verbose /home/mirko/tempo
> > Scanning /home/mirko/tempo/*
> > Scanning file /home/mirko/tempo/dfi82C4rD20713
> > Scanning file /home/mirko/tempo/qfi82C4rD20713
> > Scanning file /home/mirko/tempo/Conclusioni.zip
> > /home/mirko/tempo/Conclusioni.zip
> > Found the W32/Mabutu.a@MM!zip virus !!!
> > Scanning file /home/mirko/tempo/forwarded-email
> >
> > Conclusioni.zip is the saved attachment.
>
> Yes indeed, that is exactly the behaviour from mcafee i was seeing too.
> When issued from the command line mcafee would properly detect the virus
> but would declare it 'virus free' when scanned from MailScanner.
>
> By the looks of it your mcafee directory is ok but this doesn't mean that
> there aren't any symlinks to these binaries elsewhere on the box.

--
The look of the mcafee directory says that there aren't any symlinks to dat files.

[mirko@harey ~]$ which uvscan
/usr/local/bin/uvscan

and this says there is not any symlink. isn't ?
--

The test scan on the directory /home/mirko/tempo above says that uvscan is missing the virus, because "dfi82C4rD20713", "qfi82C4rD20713" are the infected pair and "forwarded-email" is the email received after the forward that I was spoken at the beginning. That's I can understand.

I will send the sendmail's pair to Nai and wait for news.
have you got any other hints?

thanks,
mirko

>
> I would check virus.scanners.conf to see from which location MailScanner
> is invoking mcafee. Also I would check if there are any symlinks to the
> dat files. If there are, replace the symlinks to the datfiles with
> the real dat files and try scanning from MailScanner again.
>
> > mirko
> >
> >> I used to have symlinks to my dat files and binary until I got badly
> >> bitten....
> >>
> >> I decided to ditch mcafee completely but that's another subject :)
> >

From idan at SECURENET.CO.IL Mon Sep 6 13:05:33 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:48 2006
Subject: Disable filename.rules - how to ?
Message-ID:

Hello,

Someone knows how to disable "filename" checking in MS ?


Thanks

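In the McAfee thread above, `ls -l` on the uvscan directory and `which uvscan` show only that directory's entries and the binary's location; neither shows whether a parent directory on the path is itself a symlink. The shell function below is an added example, not part of any message in this archive: it walks every component of an absolute path and reports each one that is a symbolic link. The name `find_symlinks` is an assumption of this example; the paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the list archive): report every symbolic link
# that lies on an absolute path, checking one component at a time.
#
# Usage, with the paths mentioned in the thread:
#   sh find_symlinks.sh /usr/local/bin/uvscan /usr/local/uvscan/scan.dat \
#       /var/spool/MailScanner/incoming

# find_symlinks PATH
#   Prints "component -> target" for each component of PATH that is a symlink.
#   Returns 0 if no component is a symlink, 1 if at least one is,
#   2 if PATH is not absolute.
#   Only the components of PATH as written are checked; if a link is found,
#   run the function again on the link's target to check that chain too.
find_symlinks() {
    case $1 in
        /*) ;;
        *) echo "find_symlinks: not an absolute path: $1" >&2; return 2 ;;
    esac

    rest=${1#/}      # part of the path still to walk (leading slash removed)
    current=         # prefix walked so far
    found=0

    while [ -n "$rest" ]; do
        part=${rest%%/*}              # next component
        case $rest in
            */*) rest=${rest#*/} ;;   # drop it from the remainder
            *)   rest= ;;             # that was the last component
        esac
        [ -z "$part" ] && continue    # ignore empty components from "//"

        current=$current/$part
        if [ -L "$current" ]; then
            printf '%s -> %s\n' "$current" "$(readlink "$current")"
            found=1
        fi
    done
    return "$found"
}

# Check every path given on the command line.
for p in "$@"; do
    if find_symlinks "$p"; then
        echo "$p: no symlinks on this path"
    fi
done
```

Any line of output names a component to replace with the real directory or file before pointing MailScanner.conf or virus.scanners.conf at that path.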
From mailscanner at BARENDSE.TO Mon Sep 6 13:20:15 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

>> The install script completed, hopefully SpamAss 3 is up and running now,
>> my attempt of last week resulted in a load average of 47(!!)
>>
>>
>> Is there anything that must be added to the MS config files to start using
>> surbl or define a score? Couldn't find it in the faq/maq yet :)
>
> surbl stuff should be built into SA 3.0 - check the default rules in
> /usr/local/share/spamassassin..

Sorry for being totally clueless but is this sufficient?
/usr/share/spamassassin/20_uri_tests.cf

Do I need to add any scores to my configs?

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 6 13:36:53 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Remco

I don't have a SA3.0 installation to check, but that does look like the correct rules file.

if you look at the file it should have some comments and be calling subl.org domains as part of the rule definition. It should also have scores greater than zero defined as part of the file.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Remco Barendse wrote:
>>> The install script completed, hopefully SpamAss 3 is up and running now,
>>> my attempt of last week resulted in a load average of 47(!!)
>>>
>>>
>>> Is there anything that must be added to the MS config files to start using
>>> surbl or define a score?
>>> Couldn't find it in the faq/maq yet :)
>>
>> surbl stuff should be built into SA 3.0 - check the default rules in
>> /usr/local/share/spamassassin..
>
> Sorry for being totally clueless but is this sufficient?
> /usr/share/spamassassin/20_uri_tests.cf
>
> Do I need to add any scores to my configs?

From mynamewasgone at gmail.com Mon Sep 6 14:12:33 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:48 2006
Subject: Disable filename.rules - how to ?
Message-ID:

Hello,

There is an archive of this list here, the address is appended to every single email sent to this list, you might like to search it before posting.
Here's a direct link to the search:
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?S1=mailscanner

I searched for disable filename checking and found a really good answer from Julian, to save you the effort of finding it yourself, here's the URL
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0301&L=mailscanner&P=R49829&I=-1

HTH HAND

From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 6 14:16:37 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:48 2006
Subject: Disable filename.rules - how to ?
Message-ID:

Idan Plotnik wrote:
> Hello,
>
> Someone knows how to disable "filename" checking in MS ?
>
> Thanks

If you *look* in MailScanner.conf you will find reference to both filename and filetype rules.
It's around line 655

A lot of your queries have already been addressed in either the FAQ, MAQ or in previous discussions, while MailScanner.conf is very well commented as well.

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From raymond at PROLOCATION.NET Mon Sep 6 14:33:02 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:48 2006
Subject: spam oneliners {Virus Scanned}
Message-ID:

Hi!

> I don't have a SA3.0 installation to check, but that does look like the
> correct rules file.
>
> if you look at the file it should have some comments and be calling
> subl.org domains as part of the rule definition. It should also have
> scores greater than zero defined as part of the file.

It's enabled by default, no need to change anything, unless you would like to bump the scores.

bye,
Raymond.

From bovati at MONDADORI.COM Mon Sep 6 14:59:29 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

>
> I will send the sendmail's pair to Nai and wait for news.
> have you got any other hints?

I sent the infected email to Nai, they answered (an autoreply). they said they detected a MIME encoded e-mail file. that's true.

So the question is: is the command line (uvscan) able to check MIME files without any other help (module plugin etc..). I think MailScanner does it by perl-MIME-Base64-2.12-1.src.rpm perl-MIME-tools-5.411-pl4.3.src.rpm. Isn't?

If that's true I'm at the starting point: uvscan alone is not supposed to check MIME files and MailScanner (at least my installation) is missing some virus.

I am available to send the mail or the sendmail pair to test if is only my installation affected.

thanks
Mirko

>
> thanks,
> mirko
>
> > I would check virus.scanners.conf to see from which location MailScanner
> > is invoking mcafee. Also I would check if there are any symlinks to the
> > dat files. If there are, replace the symlinks to the datfiles with
> > the real dat files and try scanning from MailScanner again.
> >
> > > mirko
> > >
> > >> I used to have symlinks to my dat files and binary until I got badly
> > >> bitten....
> > >>
> > >> I decided to ditch mcafee completely but that's another subject :)

From mailscanner at ecs.soton.ac.uk Mon Sep 6 15:31:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

I have just published a package that will install ClamAV (if you want it to), SpamAssassin 3 and all their dependencies, so that you can use the "clamavmodule" scanner and the latest release candidate of SpamAssassin 3.

This package contains all of the non-RPM package I published a few days ago, together with an equivalent setup for RPM-based systems.

Should help you get going nice and quickly.

It's at
http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
which is mentioned in the "Other stuff" bit of the downloads page on www.mailscanner.info.

Let me know if you have any problems with it.
I have tried it on RedHat, SuSE and Solaris systems.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 6 15:49:08 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Just when I finally decided to install the tarball this morning because of lack of the RPMS :)

The non RPM version is working well so far, will try the RPM version now too

Thanks for making it available!

2 questions:

- clamav is not installed from RPM?? (Dag Wieers is making excellent .src.rpms for clam) http://dag.wieers.com/packages/clamav/

- spamass 3 is included as an rpm package whereas in the past the advice was not to use the rpm? do we need to clean out any files from tarball spamass before using this version?

Thanks again for such an excellent support package!!

Remco

On Mon, 6 Sep 2004, Julian Field wrote:

> I have just published a package that will install ClamAV (if you want it
> to), SpamAssassin 3 and all their dependencies, so that you can use the
> "clamavmodule" scanner and the latest release candidate of SpamAssassin 3.
>
> This package contains all of the non-RPM package I published a few days
> ago, together with an equivalent setup for RPM-based systems.
>
> Should help you get going nice and quickly.
>
> It's at
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> which is mentioned in the "Other stuff" bit of the downloads page on
> www.mailscanner.info.
>
> Let me know if you have any problems with it.
> I have tried it on RedHat, SuSE and Solaris systems.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From csweeney at OSUBUCKS.ORG Mon Sep 6 15:58:34 2004
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Just want to make sure will this work to upgrade a system already running MailScanner, ClamAV and Spamassassin 2.6x ?

--
Thanks
Chris

---------- Original Message -----------
From: Julian Field
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Mon, 6 Sep 2004 15:31:04 +0100
Subject: RPM-based install package for ClamAV and SpamAssassin 3

> I have just published a package that will install ClamAV (if you
> want it to), SpamAssassin 3 and all their dependencies, so that you
> can use the "clamavmodule" scanner and the latest release candidate
> of SpamAssassin 3.
>
> This package contains all of the non-RPM package I published a few days
> ago, together with an equivalent setup for RPM-based systems.
>
> Should help you get going nice and quickly.
>
> It's at
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> which is mentioned in the "Other stuff" bit of the downloads page on
> www.mailscanner.info.
>
> Let me know if you have any problems with it.
> I have tried it on RedHat, SuSE and Solaris systems.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
------- End of Original Message -------

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From dfilchak at sympatico.ca Mon Sep 6 16:13:35 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:48 2006
Subject: updating sendmail
Message-ID:
Hi,
 
Didn't find any mention of this in the MAQ or the archives. I am about to simply update my installation of Sendmail using the RPM method. I have a running setup of MailScanner, ClamAV working at this time. From anyone's experience, is there anything I need to look out for when updating Sendmail this way as it relates to the MailScanner setup? Any right or wrong way to do this so as not to break the MailScanner/ClamAV setup? I have made backups of my sendmail.mc and .cf files. Anything else?
 
Dave
 

David Filchak
President - Zuka Inc.
Toronto, On Canada M5V2J1
www.zuka.net | www.screamingmedia.ca

 
From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:18:49 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 15:49 06/09/2004, you wrote:
>- clamav is not installed from RPM?? (Dag Wieers is making excellent
>.src.rpms for clam) http://dag.wieers.com/packages/clamav/

Yes, I couldn't remember where they were. Does his rpm install into /usr/local/bin or /usr/bin? It's just that virus.scanners.conf assumes it is in /usr/local/bin, so I would have to write some code to automatically edit virus.scanners.conf for you.

>- spamass 3 is included as an rpm package whereas in the past the advice
>was not to use the rpm? do we need to clean out any files from tarball
>spamass before using this version?

The problem was always with using an RPM for it, and this is still a problem. It's to do with the way perl is structured, and there is nothing you can do about it.
My package includes an SRPM (source RPM) for SpamAssassin, and rebuilds the RPM on your system so that it can guarantee to get all the directories right.
You shouldn't need to clear anything out, as it should all be in the same place, and so will overwrite the old tarball installation.

>Thanks again for such an excellent support package!!

No problem.

>On Mon, 6 Sep 2004, Julian Field wrote:
>>I have just published a package that will install ClamAV (if you want it
>>to), SpamAssassin 3 and all their dependencies, so that you can use the
>>"clamavmodule" scanner and the latest release candidate of SpamAssassin 3.
>>
>>This package contains all of the non-RPM package I published a few days
>>ago, together with an equivalent setup for RPM-based systems.
>>
>>Should help you get going nice and quickly.
>>
>>It's at
>>http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
>>which is mentioned in the "Other stuff" bit of the downloads page on
>>www.mailscanner.info.
>>
>>Let me know if you have any problems with it.
>>I have tried it on RedHat, SuSE and Solaris systems.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:20:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 15:58 06/09/2004, you wrote:
>Just want to make sure will this work to upgrade a system already running
>MailScanner, ClamAV and Spamassassin 2.6x ?

That's the idea, yes. If you already have ClamAV installed, then use
./INSTALL-rpm.sh --noclam
and it will skip that bit. It will still install the Mail::ClamAV perl module for use by the "clamavmodule" scanner setting in MailScanner.conf.

>---------- Original Message -----------
>From: Julian Field
>To: MAILSCANNER@JISCMAIL.AC.UK
>Sent: Mon, 6 Sep 2004 15:31:04 +0100
>Subject: RPM-based install package for ClamAV and SpamAssassin 3
>
> > I have just published a package that will install ClamAV (if you
> > want it to), SpamAssassin 3 and all their dependencies, so that you
> > can use the "clamavmodule" scanner and the latest release candidate
> > of SpamAssassin 3.
> >
> > This package contains all of the non-RPM package I published a few days
> > ago, together with an equivalent setup for RPM-based systems.
> >
> > Should help you get going nice and quickly.
> >
> > It's at
> > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> > which is mentioned in the "Other stuff" bit of the downloads page on
> > www.mailscanner.info.
> >
> > Let me know if you have any problems with it.
> > I have tried it on RedHat, SuSE and Solaris systems.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 6 16:21:03 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: updating sendmail
Message-ID:

the question is a bit off topic, as it is not related to MailScanner

It depends on the distro you are running, I tried updating a RedHat 6.2 box with newer sendmail rpms once, after days of struggling I gave up solving all the dependencies.

If the rpms update without complaining you will most likely not have any problems

On Mon, 6 Sep 2004, Dave Filchak wrote:

> Hi,
>
> Didn't find any mention of this in the MAQ or the archives. I am about to
> simply update my installation of Sendmail using the RPM method. I have a
> running setup of MailScanner, ClamAV working at this time. From anyone's
> experience, is there anything I need to look out for when updating Sendmail
> this way as it relates to the MailScanner setup? Any right or wrong way to
> do this so as not to break the MailScanner/ClamAV setup? I have made backups
> of my sendmail.mc and .cf files. Anything else?
>
> Dave
>
>
> David Filchak
> President - Zuka Inc.
> Toronto, On Canada M5V2J1
> www.zuka.net | www.screamingmedia.ca

From dfilchak at sympatico.ca Mon Sep 6 16:28:25 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:48 2006
Subject: updating sendmail
Message-ID:

Sorry ...

Yes on the surface it might appear my message was off topic. However, I wasn't concerned about the actual updating of Sendmail but rather how it would affect (if at all) the installation of MS and CAV.

Cheers

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remco Barendse
Sent: Monday, September 06, 2004 11:21 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: updating sendmail

the question is a bit off topic, as it is not related to MailScanner

It depends on the distro you are running, I tried updating a RedHat 6.2 box with newer sendmail rpms once, after days of struggling I gave up solving all the dependencies.

If the rpms update without complaining you will most likely not have any problems

On Mon, 6 Sep 2004, Dave Filchak wrote:

> Hi,
>
> Didn't find any mention of this in the MAQ or the archives. I am about
> to simply update my installation of Sendmail using the RPM method. I
> have a running setup of MailScanner, ClamAV working at this time.
> From anyone's experience, is there anything I need to look out for when
> updating Sendmail this way as it relates to the MailScanner setup? Any
> right or wrong way to do this so as not to break the
> MailScanner/ClamAV setup? I have made backups of my sendmail.mc and .cf files. Anything else?
>
> Dave
>
>
> David Filchak
> President - Zuka Inc.
> Toronto, On Canada M5V2J1
> www.zuka.net | www.screamingmedia.ca

From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:33:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 15:49 06/09/2004, you wrote:
>- clamav is not installed from RPM?? (Dag Wieers is making excellent
>.src.rpms for clam) http://dag.wieers.com/packages/clamav/

I have just updated the package to include his RPM instead of building it from source. No need to use the SRPM as far as I can see.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:40:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: "Remove These Headers" defaults?
Message-ID:

At 09:48 06/09/2004, you wrote:
>On receipts, should MailScanner, by default, break functionality that
>people expect to work? Isn't this something that should be left to
>sysadmins to decide on? It would be nice if MailScanner could break
>out-of-office replies in some way, but doing so by default might upset a
>lot of people.

Yes, you are probably right. I'll remove the return-receipt-to: header alone, but mention it in the docs.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dfilchak at sympatico.ca Mon Sep 6 16:44:14 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Is this to be used as an update tool as well or specifically for new installs?
Dave -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, September 06, 2004 11:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3 At 15:58 06/09/2004, you wrote: >Just want to make sure will this work to upgrade a system already >running MailScanner, ClamAV and Spamassassin 2.6x ? That's the idea, yes. If you already have ClamAV installed, then use ./INSTALL-rpm.sh --noclam and it will skip that bit. It will still install the Mail::ClamAV perl module for use by the "clamavmodule" scanner setting in MailScanner.conf. >---------- Original Message ----------- >From: Julian Field >To: MAILSCANNER@JISCMAIL.AC.UK >Sent: Mon, 6 Sep 2004 15:31:04 +0100 >Subject: RPM-based install package for ClamAV and SpamAssassin 3 > > > I have just published a package that will install ClamAV (if you > > want it to), SpamAssassin 3 and all their dependencies, so that you > > can use the "clamavmodule" scanner and the latest release candidate > > of SpamAssassin 3. > > > > This package contains all of the non-RPM package I published a few > > days ago, together with an equivalent setup for RPM-based systems. > > > > Should help you get going nice and quickly. > > > > It's at > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.t > > ar.gz which is mentioned in the "Other stuff" bit of the downloads > > page on www.mailscanner.info. > > > > Let me know if you have any problems with it. > > I have tried it on RedHat, SuSE and Solaris systems. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:46:10 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:48 2006 Subject: Why mailscanner fails recognizing a forwarded infected. Message-ID: At 12:39 06/09/2004, you wrote: >I will send the sendmail' s pair to Nai and wait for news. >have you got any other hints? Have you checked that the path to /var/spool/MailScanner/incoming contains no symlinks at all? The fact that your qf and df files you are checking appear to be under /home makes me think that possibly the directory you have given MailScanner.conf for the incoming working directory contains some symlinks in it. You must put the real absolute path in the MailScanner.conf file, just like it says in there. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:47:58 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:48 2006 Subject: Attachment Size Filters Message-ID: It will strip attachments that are too big, but it should still deliver the rest of the message. 
Use the attachment size limit for this, as this restriction applies to each attachment individually. The max message size limit will strip everything out if the message is too big, which isn't what you want. At 11:05 06/09/2004, you wrote: >I have a attachment size filter for certain users. I would just like to know >if there is a way to have the message delivered but strip away the >attachment. Some of our clients enforce email for work related use only. >This way we can have the user forward the message with the removed >attachment to the administrator for Quarantine release consideration. > >What features are included in the attachment and Max Message site rules. > >Thanx > >Christo Bezuidenhout > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Mon Sep 6 16:57:03 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:48 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: At 16:44 06/09/2004, you wrote: >Is this to be used as an update tool as well or specifically for new >installs? Mostly just for new installs, but there's no reason it wouldn't work as an updater. 
I just wrote it because Mail::ClamAV, and particularly SpamAssassin 3, have a huge list of dependencies. This makes them a real pain to install by hand, especially when CPAN decides it's going to update your entire Perl installation half way through. >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, September 06, 2004 11:20 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3 > >At 15:58 06/09/2004, you wrote: > >Just want to make sure will this work to upgrade a system already > >running MailScanner, ClamAV and Spamassassin 2.6x ? > >That's the idea, yes. If you already have ClamAV installed, then use > ./INSTALL-rpm.sh --noclam >and it will skip that bit. It will still install the Mail::ClamAV perl >module for use by the "clamavmodule" scanner setting in MailScanner.conf. > > >---------- Original Message ----------- > >From: Julian Field > >To: MAILSCANNER@JISCMAIL.AC.UK > >Sent: Mon, 6 Sep 2004 15:31:04 +0100 > >Subject: RPM-based install package for ClamAV and SpamAssassin 3 > > > > > I have just published a package that will install ClamAV (if you > > > want it to), SpamAssassin 3 and all their dependencies, so that you > > > can use the "clamavmodule" scanner and the latest release candidate > > > of SpamAssassin 3. > > > > > > This package contains all of the non-RPM package I published a few > > > days ago, together with an equivalent setup for RPM-based systems. > > > > > > Should help you get going nice and quickly. > > > > > > It's at > > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.t > > > ar.gz which is mentioned in the "Other stuff" bit of the downloads > > > page on www.mailscanner.info. > > > > > > Let me know if you have any problems with it. > > > I have tried it on RedHat, SuSE and Solaris systems. 
-- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jpabuyer at TECNOERA.COM Mon Sep 6 16:57:58 2004 From: jpabuyer at TECNOERA.COM (Juan Pablo Abuyeres) Date: Thu Jan 12 21:26:48 2006 Subject: postfix installation Message-ID: Hi,

I've installed Fedora Core 2, and I'm installing Postfix with MailScanner. The point is, I've followed the directives at http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml to perform the installation. But I have a question about point 3, which says:

Make sure you have the chroot jail set up in /var/spool/postfix. You should be able to see "etc", "usr" and "lib" directories inside /var/spool/postfix). If you haven't got the chroot jail setup already, then look in the "examples" directory of the Postfix documentation and you will find a script in there to set it up for your operating system. If you can't find that, then see the "Problems or Errors" section further down this page.

Is it totally necessary to do that? I missed that part, and MailScanner seems to be working just fine, so I don't know what would happen if I don't chroot Postfix. Or is it an option to enhance security?

--
Juan Pablo Abuyeres <jpabuyer@tecnoera.com>
From mailscanner at ecs.soton.ac.uk Mon Sep 6 17:01:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: postfix installation
Message-ID:

At 16:57 06/09/2004, you wrote:
>Hi,
>
>I've installed Fedora Core 2, and I'm installing Postfix with MailScanner.
>The point is, I've followed the directives at
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
>to perform the installation. But I have a question about point 3, which says:
>
>Make sure you have the chroot jail set up in /var/spool/postfix. You
>should be able to see "etc", "usr" and "lib" directories inside
>/var/spool/postfix). If you haven't got the chroot jail setup already,
>then look in the "examples" directory of the Postfix documentation and you
>will find a script in there to set it up for your operating system. If
>you can't find that, then see the "Problems or Errors" section further
>down this page.
>
>Is it totally necessary to do that? I missed that part, and MailScanner
>seems to be working just fine, so I don't know what would happen if I
>don't chroot Postfix. Or is it an option to enhance security?

It just gives Postfix increased security. If someone manages to break through your SMTP server, they can't actually access the rest of your system at all as they will be running in a jail.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dfilchak at sympatico.ca Mon Sep 6 17:13:16 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Well I guess that this would depend on the installation being updated being originally installed via the RPM? It will not upgrade any installations previously done by tar ball.

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Monday, September 06, 2004 11:57 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3

At 16:44 06/09/2004, you wrote:
>Is this to be used as an update tool as well or specifically for new
>installs?

Mostly just for new installs, but there's no reason it wouldn't work as an updater.
I just wrote it because Mail::ClamAV, and particularly SpamAssassin 3, have a huge list of dependencies. This makes them a real pain to install by hand, especially when CPAN decides it's going to update your entire Perl installation half way through.

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Monday, September 06, 2004 11:20 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3
>
>At 15:58 06/09/2004, you wrote:
> >Just want to make sure will this work to upgrade a system already
> >running MailScanner, ClamAV and Spamassassin 2.6x ?
>
>That's the idea, yes. If you already have ClamAV installed, then use
>    ./INSTALL-rpm.sh --noclam
>and it will skip that bit. It will still install the Mail::ClamAV perl
>module for use by the "clamavmodule" scanner setting in MailScanner.conf.
>
> >---------- Original Message -----------
> >From: Julian Field
> >To: MAILSCANNER@JISCMAIL.AC.UK
> >Sent: Mon, 6 Sep 2004 15:31:04 +0100
> >Subject: RPM-based install package for ClamAV and SpamAssassin 3
> >
> > > I have just published a package that will install ClamAV (if you
> > > want it to), SpamAssassin 3 and all their dependencies, so that
> > > you can use the "clamavmodule" scanner and the latest release
> > > candidate of SpamAssassin 3.
> > >
> > > This package contains all of the non-RPM package I published a few
> > > days ago, together with an equivalent setup for RPM-based systems.
> > >
> > > Should help you get going nice and quickly.
> > >
> > > It's at
> > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> > > which is mentioned in the "Other stuff" bit of the
> > > downloads page on www.mailscanner.info.
> > >
> > > Let me know if you have any problems with it.
> > > I have tried it on RedHat, SuSE and Solaris systems.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 6 17:35:41 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Mon, 6 Sep 2004, Julian Field wrote:

> At 15:49 06/09/2004, you wrote:
>> - clamav is not installed from RPM?? (Dag Wieers is making excellent
>> .src.rpms for clam) http://dag.wieers.com/packages/clamav/
>
> Yes, I couldn't remember where they were. Does his rpm install into
> /usr/local/bin or /usr/bin? It's just that virus.scanners.conf assumes it
> is in /usr/local/bin, so I would have to write some code to automatically
> edit virus.scanners.conf for you.

/usr/sbin/clamd
/usr/bin/clamscan
/usr/bin/freshclam
/usr/bin/clamav-config
/usr/bin/clamdscan

:)

>> - spamass 3 is included as an rpm package whereas in the past the advice
>> was not to use the rpm? do we need to clean out any files from tarball
>> spamass before using this version?
>
> The problem was always with using an RPM for it, and this is still a
> problem. It's to do with the way perl is structured, and there is nothing
> you can do about it.
> My package includes an SRPM (source RPM) for SpamAssassin, and rebuilds the
> RPM on your system so that it can guarantee to get all the directories right.
>
> You shouldn't need to clear anything out, as it should all be in the same
> place, and so will overwrite the old tarball installation.
>
>> Thanks again for such an excellent support package!!
>
> No problem.
>
>> On Mon, 6 Sep 2004, Julian Field wrote:
>>> I have just published a package that will install ClamAV (if you want it
>>> to), SpamAssassin 3 and all their dependencies, so that you can use the
>>> "clamavmodule" scanner and the latest release candidate of SpamAssassin 3.
>>>
>>> This package contains all of the non-RPM package I published a few days
>>> ago, together with an equivalent setup for RPM-based systems.
>>>
>>> Should help you get going nice and quickly.
>>>
>>> It's at
>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
>>> which is mentioned in the "Other stuff" bit of the downloads page on
>>> www.mailscanner.info.
>>>
>>> Let me know if you have any problems with it.
>>> I have tried it on RedHat, SuSE and Solaris systems.
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 6 17:38:36 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Mon, 6 Sep 2004, Julian Field wrote:

> At 15:49 06/09/2004, you wrote:
>> - clamav is not installed from RPM?? (Dag Wieers is making excellent
>> .src.rpms for clam) http://dag.wieers.com/packages/clamav/
>
> I have just updated the package to include his RPM instead of building it
> from source.
> No need to use the SRPM as far as I can see.

I never tried the RPMS, I only tried the SRPMS. I guess if you are making the script compile SA it would be equal work to have it recompile clam too? Personally I prefer a recompiled package because if you have optimizations for the compilation (cpu type, number of cpu's etc). hopefully clam will do something useful with it.

But I guess an rpm should work fine too

From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 6 17:43:01 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Nice looking package. I'll "play with" it later on one of our test machines (just need to plug the damned thing in)

One thing that you may have overlooked is a README or similar, as you have included 2 .sh files, which may cause some confusion

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at ecs.soton.ac.uk Mon Sep 6 17:56:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 17:38 06/09/2004, you wrote:
>On Mon, 6 Sep 2004, Julian Field wrote:
>
>>At 15:49 06/09/2004, you wrote:
>>>- clamav is not installed from RPM?? (Dag Wieers is making excellent
>>>.src.rpms for clam) http://dag.wieers.com/packages/clamav/
>>
>>I have just updated the package to include his RPM instead of building it
>>from source.
>>No need to use the SRPM as far as I can see.
>
>I never tried the RPMS, I only tried the SRPMS. I guess if you are making
>the script compile SA it would be equal work to have it recompile clam
>too? Personally I prefer a recompiled package because if you have
>optimizations for the compilation (cpu type, number of cpu's etc).
>hopefully clam will do something useful with it.

Agreed, there may be very small differences. But as it's not a Perl module package, there is no actual need to recompile it. It's only Perl modules where this is absolutely necessary.

>But I guess an rpm should work fine too

Should work fine. Agreed it will be a generic i386 binary. If you are after the last ounce out of Clam and you have a system which can make a significant difference by targeting a different architecture, then you will have to recompile it for your own system. But this affects very few people, and they are the ones who are quite competent enough to easily do it for themselves, and just tell my script not to install ClamAV at all (with "--noclam").

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 6 18:34:32 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Mon, 6 Sep 2004, Julian Field wrote:

> At 17:38 06/09/2004, you wrote:
>> On Mon, 6 Sep 2004, Julian Field wrote:
>>
>>> At 15:49 06/09/2004, you wrote:
>>>> - clamav is not installed from RPM?? (Dag Wieers is making excellent
>>>> .src.rpms for clam) http://dag.wieers.com/packages/clamav/
>>>
>>> I have just updated the package to include his RPM instead of building it
>>> from source.
>>> No need to use the SRPM as far as I can see.
>>
>> I never tried the RPMS, I only tried the SRPMS. I guess if you are making
>> the script compile SA it would be equal work to have it recompile clam
>> too? Personally I prefer a recompiled package because if you have
>> optimizations for the compilation (cpu type, number of cpu's etc).
>> hopefully clam will do something useful with it.
>
> Agreed, there may be very small differences. But as it's not a Perl module
> package, there is no actual need to recompile it. It's only Perl modules
> where this is absolutely necessary.
>
>> But I guess an rpm should work fine too
>
> Should work fine. Agreed it will be a generic i386 binary. If you are after
> the last ounce out of Clam and you have a system which can make a
> significant difference by targeting a different architecture, then you will
> have to recompile it for your own system. But this affects very few people,
> and they are the ones who are quite competent enough to easily do it for
> themselves, and just tell my script not to install ClamAV at all (with
> "--noclam").

Cool :)

I'm not running that high spec spectacular boxes but I am running a rebuild of RedHat Enterprise Linux. RHEL has an exotic kernel to say the least, basically it's a 2.4 kernel with everything from 2.6 kernels backported to it. I'm a little bit more careful with such a setup not to screw up (I'm particularly good at screwing up) :)

From max at KIPNESS.COM Mon Sep 6 18:44:38 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:48 2006
Subject: sa-learn question
Message-ID:

Hello -

I just copied an mbox format file with hundreds of spam messages from one MailScanner system to another. When I ran sa-learn --spam file, it completed stating that it had learned from 1 message.

Is this because all this email was originally accepted from another system?

Thanks,
Max
From mailscanner at ecs.soton.ac.uk Mon Sep 6 18:53:02 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: sa-learn question
Message-ID:

At 18:44 06/09/2004, you wrote:
>Hello -
>
>I just copied an mbox format file with hundreds of spam messages from one
>MailScanner system to another. When I ran sa-learn --spam file, it
>completed stating that it had learned from 1 message.

Did you tell sa-learn that it was an mbox?
    sa-learn --spam --mbox
if I remember rightly.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From max at KIPNESS.COM Mon Sep 6 19:03:01 2004
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:26:48 2006
Subject: sa-learn question
Message-ID:

>>I just copied an mbox format file with hundreds of spam messages from
>>one MailScanner system to another. When I ran sa-learn --spam file, it
>>completed stating that it had learned from 1 message.
>
>Did you tell sa-learn that it was an mbox?
>sa-learn --spam --mbox
>if I remember rightly.

Oops, sorry, you're right. It's been a while since I've done this.

Thanks,
Max
From drew at THEMARSHALLS.CO.UK Mon Sep 6 20:05:33 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:48 2006
Subject: postfix installation
Message-ID:

Juan Pablo Abuyeres wrote:
> Hi,
>
> I've installed Fedora Core 2, and I'm installing Postfix with MailScanner. The point is, I've followed the directives at http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml to perform the installation. But I have a question about point 3, which says:
>
> Make sure you have the chroot jail set up in /var/spool/postfix. You should be able to see "etc", "usr" and "lib" directories inside /var/spool/postfix). If you haven't got the chroot jail setup already, then look in the "examples" directory of the Postfix documentation and you will find a script in there to set it up for your operating system. If you can't find that, then see the "Problems or Errors" section further down this page.
>
> Is it totally necessary to do that? I missed that part, and MailScanner seems to be working just fine, so I don't know what would happen if I don't chroot Postfix. Or is it an option to enhance security?

I once saw a post from Wietse which went along the lines of most Postfix installations are not chrooted as they cause 'many' people more trouble than they solve. Guess he was talking about competency and his desire to answer chroot questions against the smaller security benefit of running chroots. I would say it's one of those do it if you wish things. If Postfix is not chrooted and an attacker gained access through smtpd (Which is only one process in Postfix) then they would only have 'Postfix' user privileges, which are minimal and access to only the SMTP receive daemon. So not too risky really (There is an OT post in the archive last month about security risks and paranoia :-) ). If you are only testing Postfix, I would set it up without chroot and look to put it in a chroot later when you are happy (Makes finding chroot problems easier) if you so desire.

Drew

--
In line with our policy, this message has been scanned for
viruses and dangerous content by MailScanner, and is
believed to be clean.
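Whether a given host is actually running Postfix chrooted, and whether the jail directories from the install guide exist, can be checked directly. The script below is an added example, not code from any poster or from the Postfix or MailScanner projects; the function names and the sample master.cf are constructed for illustration. It assumes the chroot setting is the fifth column of master.cf and that "-" there means "y" on Postfix before 3.0 and "n" from 3.0 on, so that meaning is passed in as a parameter.

```shell
#!/bin/sh
# Added example: report which Postfix services run chrooted and whether the
# jail directories named in the install guide exist. Names are hypothetical.

# Print "service/type" for every master.cf entry whose chroot column is on.
#   $1 = path to master.cf
#   $2 = meaning of "-" in that column: y (Postfix before 3.0) or n (3.0 on)
chrooted_services() {
    awk -v dflt="$2" '
        /^[ \t]*#/ { next }       # comment
        /^[ \t]*$/ { next }       # blank line
        /^[ \t]/   { next }       # continuation of the previous entry
        {
            c = $5                # service type private unpriv chroot ...
            if (c == "-") c = dflt
            if (c == "y") print $1 "/" $2
        }
    ' "$1"
}

# Print each jail subdirectory listed in the install guide that is missing.
#   $1 = queue directory (the guide uses /var/spool/postfix)
jail_missing_dirs() {
    for d in etc usr lib; do
        [ -d "$1/$d" ] || printf '%s\n' "$d"
    done
}

# Return 0 when nothing is chrooted or the jail is complete, 1 when services
# are chrooted but jail directories are missing.
#   $1 = master.cf, $2 = queue directory, $3 = meaning of "-" (y or n)
audit_chroot() {
    services=$(chrooted_services "$1" "$3")
    missing=$(jail_missing_dirs "$2")
    if [ -z "$services" ]; then
        echo "no service is chrooted; the jail directories are not in use"
        return 0
    fi
    printf 'chrooted services: %s\n' "$(printf '%s' "$services" | tr '\n' ' ')"
    if [ -n "$missing" ]; then
        printf 'jail incomplete, missing under %s: %s\n' "$2" \
            "$(printf '%s' "$missing" | tr '\n' ' ')"
        return 1
    fi
    echo "jail directories etc, usr and lib are present"
    return 0
}

# Constructed sample input: a small master.cf, not taken from the thread.
write_sample_master_cf() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
EOF
}

# Run the audit against the sample with a half-built jail (only etc exists).
demo() {
    tmp=$(mktemp -d) || return 1
    write_sample_master_cf "$tmp/master.cf"
    mkdir -p "$tmp/queue/etc"
    audit_chroot "$tmp/master.cf" "$tmp/queue" y
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "audit exit status: $?"
```

On a real host the same call would be audit_chroot with the installed master.cf, the queue directory and the default that matches the installed Postfix version.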
From mailscanner at BARENDSE.TO Mon Sep 6 21:08:49 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

OK, I tried it on the box I fdisked friday....

I guess I shouldn't get this?

error: Failed dependencies:
    perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1

On Mon, 6 Sep 2004, Julian Field wrote:

> I have just published a package that will install ClamAV (if you want it
> to), SpamAssassin 3 and all their dependencies, so that you can use the
> "clamavmodule" scanner and the latest release candidate of SpamAssassin 3.
>
> This package contains all of the non-RPM package I published a few days
> ago, together with an equivalent setup for RPM-based systems.
>
> Should help you get going nice and quickly.
>
> It's at
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
> which is mentioned in the "Other stuff" bit of the downloads page on
> www.mailscanner.info.
>
> Let me know if you have any problems with it.
> I have tried it on RedHat, SuSE and Solaris systems.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Mon Sep 6 21:15:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 21:08 06/09/2004, you wrote:
>OK, I tried it on the box I fdisked friday....
>
>I guess I shouldn't get this?
>
>error: Failed dependencies:
> perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1

Do a
    perl -MCPAN -e 'install DBI'
first.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From EGTSWNZXKEEC at SPAMMOTEL.COM Mon Sep 6 21:23:55 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:48 2006
Subject: process
Message-ID:

Hi,

I'm running the following system:

Mailscanner 4.33.3
Linux SUSE 9.1
EXIM 4.4.2
Perl 5.8.3
F-Prot 4.4.4
SpamAssassin not installed yet

Whenever a mail was scanned and delivered a MailScanner process is added when displaying ps -A. The logs do not show anything abnormal and everything seems to operate normal.

Does anybody have an idea what could be wrong and how to solve it?

Thanks for your help.
Frank.

From mailscanner at ecs.soton.ac.uk Mon Sep 6 21:39:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: process
Message-ID:

At 21:23 06/09/2004, you wrote:
>Hi,
>
>I'm running the following system:
>
>Mailscanner 4.33.3
>Linux SUSE 9.1
>EXIM 4.4.2
>Perl 5.8.3
>F-Prot 4.4.4
>SpamAssassin not installed yet
>
>Whenever a mail was scanned and delivered a MailScanner
>process is added when displaying ps -A. The logs do not show
>anything abnormal and everything seems to operate normal.
>
>Does anybody have an idea what could be wrong and how to solve it?

Don't worry, this is normal. The processes only stay around for a
second or two. You may find, if you watch them, that the PIDs of the
processes keep changing, i.e. they are actually different defunct
processes. This enables MailScanner to run measurably faster than sorting
all the old processes out one at a time.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From egtswnzxkeec at spammotel.com Mon Sep 6 21:59:28 2004
From: egtswnzxkeec at spammotel.com (No Name)
Date: Thu Jan 12 21:26:48 2006
Subject: process
Message-ID:

>>Don't worry, this is normal. The processes only stay around for a
>>second or two. You may find, if you watch them, that the PIDs of the
>> processes keep changing, i.e. they are actually different defunct
>>processes. This enables MailScanner to run measurably faster than sorting
>>all the old processes out one at a time.

But in my situation the processes seem to stay forever.
The system is newly setup and I only sent a few testmessages through
it however there for every message sent a new process was
added. I just sent eight testmessages and after that I had 14 Mailscanner
processes and eight of them were .

Sorry for being so persistent, but I simply want to get sure that I
will not be faced by any resource leaks when getting productive.

Thanks again.
Frank.

From csweeney at OSUBUCKS.ORG Mon Sep 6 22:03:10 2004
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:26:48 2006
Subject: process
Message-ID:

I've seen this happen when you have your virus scanner settings wrong in the
MailScanner.conf file. Check to make sure you are referring to the correct
scanner.

--
Thanks
Chris

---------- Original Message -----------
From: No Name
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Mon, 6 Sep 2004 22:59:28 +0200
Subject: Re: process

> >>Don't worry, this is normal. The processes only stay around for a
> >>second or two. You may find, if you watch them, that the PIDs of the
> >> processes keep changing, i.e. they are actually different defunct
> >>processes. This enables MailScanner to run measurably faster than sorting
> >>all the old processes out one at a time.
>
> But in my situation the processes seem to stay forever.
> The system is newly setup and I only sent a few testmessages through
> it however there for every message sent a new process was
> added. I just sent eight testmessages and after that I had 14 Mailscanner
> processes and eight of them were .
>
> Sorry for being so persistent, but I simply want to get sure that I
> will not be faced by any resource leaks when getting productive.
>
> Thanks again.
> Frank.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
------- End of Original Message -------

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mailscanner at BARENDSE.TO Mon Sep 6 22:25:30 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Mon, 6 Sep 2004, Julian Field wrote:

> At 21:08 06/09/2004, you wrote:
>> OK, I tried it on the box I fdisked friday....
>>
>> I guess I shouldn't get this?
>>
>> error: Failed dependencies:
>> perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1
>
> Do a
> perl -MCPAN -e 'install DBI'
> first.

I'm afraid that didn't do the trick. It installed ok but didn't solve
the issue with the modules.

Of all the modules in the package:

perl-DB_File-1.810-1.src.rpm
perl-Digest-1.08-1.src.rpm
perl-Digest-HMAC-1.01-1.src.rpm
perl-Digest-MD5-2.33-1.src.rpm
perl-Digest-SHA1-2.10-1.src.rpm
perl-Inline-0.44-1.src.rpm
perl-Mail-ClamAV-0.11-1.src.rpm
perl-Mail-SpamAssassin-3.0.0-rc3.1.src.rpm
perl-Mail-SPF-Query-1.997-1.src.rpm
perl-Net-CIDR-Lite-0.15-1.src.rpm
perl-Net-DNS-0.48-1.src.rpm
perl-Parse-RecDescent-1.94-1.src.rpm
perl-Sys-Hostname-Long-1.2-1.src.rpm
perl-Test-Harness-2.42-1.src.rpm
perl-Test-Simple-0.47-1.src.rpm
perl-Text-Balanced-1.95-1.src.rpm
perl-URI-1.31-1.src.rpm

These are the only ones that did install, I get loads of errors on the
rest:

perl-DB_File-1.810-1
perl-Digest-SHA1-2.10-1
perl-Inline-0.44-1
perl-Mail-ClamAV-0.11-1
perl-Net-CIDR-0.09-3 (guess this comes standard with RHEL??)
perl-Net-CIDR-Lite-0.15-1
perl-Parse-RecDescent-1.94-1
perl-URI-1.21-7 (guess this should have been updated???)

file /usr/lib/perl5/5.8.0/Digest.pm from install of perl-Digest-1.08-1
conflicts with file from package perl-5.8.0-88.4.TL1

file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from install
of perl-Digest-MD5-2.33-1 conflicts with file from package
perl-5.8.0-88.4.TL1

perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1

Some modules did not build at all and others reported that the box was
running perl 5.008 while compiling which is not possible on a newly
installed RHEL 3 box

From rich at MAIL.WVNET.EDU Tue Sep 7 00:45:38 2004
From: rich at MAIL.WVNET.EDU (Richard Lynch)
Date: Thu Jan 12 21:26:48 2006
Subject: process
Message-ID:

Chris Sweeney wrote:

>I've seen this happen when you have your virus scanner settings wrong in the
>MailScanner.conf file. Check to make sure you are referring to the correct
>scanner.
>
>--
>Thanks
>Chris
>
>
>
Also, check the logs to see if anything obvious shows up there. When
I've had similar behavior the problem became apparent when I checked my
/var/log/maillog file. I've not followed every message in this thread
so I apologize if this has already been suggested and checked.

--
Rich
--

From bovati at MONDADORI.COM Tue Sep 7 07:37:46 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Monday 06 September 2004 17:46, you wrote:
> At 12:39 06/09/2004, you wrote:
> >I will send the sendmail' s pair to Nai and wait for news.
> >have you got any other hints?
>
> Have you checked that the path to /var/spool/MailScanner/incoming contains
> no symlinks at all? The fact that your qf and df files you are checking

Yes, I checked. No symlinks at all. I moved qf and df only for convenience.
This is the only case I found. All other infected email I try to forward
MailScanner finds a virus. I think if it's a symlinks problem MailScanner
fails with all forward. Is not it?

In this hours I tested the same situation on a fedora core 1
mailscanner-4.32.5-1
uvscan 4.3.20

Mirko Bovati

From mailscanner at BARENDSE.TO Tue Sep 7 08:14:46 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Tue, 7 Sep 2004, Mirko Bovati wrote:

> On Monday 06 September 2004 17:46, you wrote:
>> At 12:39 06/09/2004, you wrote:
>>> I will send the sendmail' s pair to Nai and wait for news.
>>> have you got any other hints?
>>
>> Have you checked that the path to /var/spool/MailScanner/incoming contains
>> no symlinks at all? The fact that your qf and df files you are checking
>
> Yes, I checked. No symlinks at all. I moved qf and df only for convenience.
> This is the only case I found. All other infected email I try to forward
> MailScanner finds a virus. I think if it's a symlinks problem MailScanner
> fails with all forward. Is not it?

No, when I had symlinks on my box *some* (old) virii managed to slip by
while others were detected properly, even in the same batch. I guess you
could say symlinks can cause unexpected/random behaviour of mcafee.

These kind of problems are hard to sort out especially because you cannot
trace if there are any symlinks in places where you would not expect them.

I assume you are using the latest version of mcafee?

Why not install clamav 'on the side', it's free and imho a lot better than
mcafee which is always slow with their updates?

> In this hours I tested the same situation on a fedora core 1
> mailscanner-4.32.5-1
> uvscan 4.3.20

From mailscanner at ecs.soton.ac.uk Tue Sep 7 08:38:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

At 07:37 07/09/2004, you wrote:
>On Monday 06 September 2004 17:46, you wrote:
> > At 12:39 06/09/2004, you wrote:
> > >I will send the sendmail' s pair to Nai and wait for news.
> > >have you got any other hints?
> >
> > Have you checked that the path to /var/spool/MailScanner/incoming contains
> > no symlinks at all? The fact that your qf and df files you are checking
>
>Yes, I checked. No symlinks at all. I moved qf and df only for convenience.
>This is the only case I found. All other infected email I try to forward
>MailScanner finds a virus. I think if it's a symlinks problem MailScanner
>fails with all forward. Is not it?

If it's working once, it should be working all the time.

>In this hours I tested the same situation on a fedora core 1
>mailscanner-4.32.5-1
>uvscan 4.3.20

Sorry, no more great ideas at the moment. :-(
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
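
Added example (not part of the original thread and not MailScanner's own code): a POSIX shell check for the question raised in this thread, whether any component of the path to /var/spool/MailScanner/incoming is a symlink, since a poster reports that symlinks in that path let some viruses slip past the scanner. The function names check_path_symlinks and demo_relocated_spool and the demo directory tree are constructed for this example.

```shell
#!/bin/sh
# Added example: report every symlinked component of an absolute path,
# e.g. the MailScanner incoming spool named in the thread.
# check_path_symlinks is a name chosen for this example.
#
# Output: one "symlink: <component> -> <target>" line per symlinked component.
# Return: 0 = no symlinks, 1 = at least one symlink,
#         2 = path not absolute, or a component does not exist.
check_path_symlinks() {
    cps_path=$1
    case $cps_path in
        /*) ;;
        *)  echo "error: path must be absolute: $cps_path" >&2
            return 2 ;;
    esac

    cps_found=0
    cps_current=""
    cps_rest=${cps_path#/}

    while [ -n "$cps_rest" ]; do
        # Peel off the next component; the remainder stays in cps_rest.
        cps_part=${cps_rest%%/*}
        case $cps_rest in
            */*) cps_rest=${cps_rest#*/} ;;
            *)   cps_rest="" ;;
        esac
        # Skip empty components produced by doubled or trailing slashes.
        [ -z "$cps_part" ] && continue

        cps_current="$cps_current/$cps_part"
        if [ -L "$cps_current" ]; then
            # -L tests the link itself, so a dangling link is reported too.
            echo "symlink: $cps_current -> $(readlink "$cps_current")"
            cps_found=1
        elif [ ! -e "$cps_current" ]; then
            echo "error: missing component: $cps_current" >&2
            return 2
        fi
    done
    return "$cps_found"
}

# Constructed demo (not a real mail server): "spool" is a symlink to
# "realspool", as happens when a spool is relocated to another disk.
demo_relocated_spool() {
    demo_root=$(mktemp -d) || return 2
    mkdir -p "$demo_root/var/realspool/MailScanner/incoming"
    ln -s realspool "$demo_root/var/spool"
    check_path_symlinks "$demo_root/var/spool/MailScanner/incoming"
    demo_rc=$?
    rm -rf "$demo_root"
    return "$demo_rc"
}

# With an argument, check that path; without one, run the constructed demo.
#   sh check_symlinks.sh /var/spool/MailScanner/incoming
if [ "$#" -gt 0 ]; then
    check_path_symlinks "$1"
else
    demo_relocated_spool || true
fi
```

Unlike a manual listing of each directory, the exit status makes the check usable from a cron job or a pre-start script.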

From mailscanner at ecs.soton.ac.uk Tue Sep 7 08:41:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 22:25 06/09/2004, you wrote:
>On Mon, 6 Sep 2004, Julian Field wrote:
>
>>At 21:08 06/09/2004, you wrote:
>>>OK, I tried it on the box I fdisked friday....
>>>
>>>I guess I shouldn't get this?
>>>
>>>error: Failed dependencies:
>>>perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1
>>
>>Do a
>>perl -MCPAN -e 'install DBI'
>>first.
>
>I'm afraid that didn't do the trick. It installed ok but didn't solve
>the issue with the modules.
>
>
>file /usr/lib/perl5/5.8.0/Digest.pm from install of perl-Digest-1.08-1
>conflicts with file from package perl-5.8.0-88.4.TL1

Ignore Digest.

>file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from
>install
>of perl-Digest-MD5-2.33-1 conflicts with file from package
>perl-5.8.0-88.4.TL1

Ignore Digest::MD5

>perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1

That shouldn't be stopping you replacing Sys::Hostname::Long.
?

>Some modules did not build at all and others reported that the box was
>running perl 5.008 while compiling which is not possible on a newly
>installed RHEL 3 box

There are 2 different ways of getting the Perl version number, one of which
(the old one) will return 5.008 when it is a 5.8 setup.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From bovati at MONDADORI.COM Tue Sep 7 08:55:19 2004
From: bovati at MONDADORI.COM (Mirko Bovati)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

On Tuesday 07 September 2004 09:14, you wrote:
> On Tue, 7 Sep 2004, Mirko Bovati wrote:
> > On Monday 06 September 2004 17:46, you wrote:
> >> At 12:39 06/09/2004, you wrote:
> >>> I will send the sendmail' s pair to Nai and wait for news.
> >>> have you got any other hints?
> >>
> >> Have you checked that the path to /var/spool/MailScanner/incoming
> >> contains no symlinks at all? The fact that your qf and df files you are
> >> checking
> >
> > Yes, I checked. No symlinks at all. I moved qf and df only for
> > convenience. This is the only case I found. All other infected email I
> > try to forward MailScanner finds a virus. I think if it's a symlinks
> > problem MailScanner fails with all forward. Is not it?
>
> No, when I had symlinks on my box *some* (old) virii managed to slip by
> while others were detected properly, even in the same batch. I guess you
> could say symlinks can cause unexpected/random behaviour of mcafee.

I didn't suspect a random behavior like that.

>
> These kind of problems are hard to sort out especially because you cannot
> trace if there are any symlinks in places where you would not expect them.

I'm absolutely sure I didn't make any symlink by hand at all. I only installed
MailScanner by its own installer. Does this prove that there aren't symlinks?

>
> I assume you are using the latest version of mcafee?

Yes the v4.3.20.

>
> Why not install clamav 'on the side', it's free and imho a lot better than
> mcafee which is always slow with their updates?

Yes I will try it.
"on the side" you mean double scan a mail with clamav and uvscan on the
same Mailscanner box?

thanks,
Mirko

>
> > In this hours I tested the same situation on a fedora core 1
> > mailscanner-4.32.5-1
> > uvscan 4.3.20

From mailscanner at ecs.soton.ac.uk Tue Sep 7 08:59:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:48 2006
Subject: Why mailscanner fails recognizing a forwarded infected.
Message-ID:

At 08:55 07/09/2004, you wrote:
>I'm absolutely sure I didn't make any symlink by hand at all. I only installed
>MailScanner by its own installer. Does this prove that there aren't symlinks?

ls -ld / /var /var/spool /var/spool/MailScanner /var/spool/MailScanner/incoming

> > Why not install clamav 'on the side', it's free and imho a lot better than
> > mcafee which is always slow with their updates?
>
>Yes I will try it.
>"on the side" you mean double scan a mail with clamav and uvscan on the
>same Mailscanner box?

Just specify multiple scanners on the "Virus Scanners =" line.
When you have installed ClamAV, check that the entry in
/etc/MailScanner/virus.scanners.conf points to the right place.
If you installed ClamAV from an RPM, you will probably need to change the
end of the line to just say /usr
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From egtswnzxkeec at spammotel.com Tue Sep 7 09:02:01 2004
From: egtswnzxkeec at spammotel.com (No Name)
Date: Thu Jan 12 21:26:48 2006
Subject: Antw: Re: process
Message-ID:

>>I've seen this happen when you have your virus scanner settings wrong in the
>>MailScanner.conf file. Check to make sure you are referring to the correct
>>scanner.

It even happens when I set the virusscanner to None.
None of the logfiles shows anything obvious.

Regards,
Frank.

From alex at SKYNET-SRL.COM Tue Sep 7 09:43:57 2004
From: alex at SKYNET-SRL.COM (Alessandro Bianchi)
Date: Thu Jan 12 21:26:48 2006
Subject: bitdefender seg fault with kernel 2.6.8
Message-ID:

Hi everyone

I've been tracking with bitdefender team an issue about seg faults when
scanning using bdc.

I've discovered that bdc works fine with kernel 2.6.6 but fails with seg
fault if using kernel 2.6.8.

If you are using bitdefender please keep this in mind and don't upgrade
your kernel.

The bitdefender team is aware of this now. They have been very professional
in support for a free product, and I think they will release a patched
version.

Hope this may save someone else's time

Best regards

Alessandro Bianchi

From mailscanner at BARENDSE.TO Tue Sep 7 09:43:57 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Tue, 7 Sep 2004, Julian Field wrote:

> At 22:25 06/09/2004, you wrote:
>> On Mon, 6 Sep 2004, Julian Field wrote:
>>
>>> At 21:08 06/09/2004, you wrote:
>>>> OK, I tried it on the box I fdisked friday....
>>>>
>>>> I guess I shouldn't get this?
>>>>
>>>> error: Failed dependencies:
>>>> perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1
>>>
>>> Do a
>>> perl -MCPAN -e 'install DBI'
>>> first.
>>
>> I'm afraid that didn't do the trick. It installed ok but didn't solve
>> the issue with the modules.
>>
>>
>> file /usr/lib/perl5/5.8.0/Digest.pm from install of perl-Digest-1.08-1
>> conflicts with file from package perl-5.8.0-88.4.TL1
>
> Ignore Digest.
>
>> file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from
>> install
>> of perl-Digest-MD5-2.33-1 conflicts with file from package
>> perl-5.8.0-88.4.TL1
>
> Ignore Digest::MD5
>
>> perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1
>
> That shouldn't be stopping you replacing Sys::Hostname::Long.
> ?

Meaning I should do a forced or --nodeps install? I don't have any such rpm
on the box now.

This is every perl-* rpm on the box now:

mod_perl-1.99_09-10.ent
newt-perl-1.08-4
perl-5.8.0-88.4.TL1
perl-Archive-Zip-1.13-1
perl-CGI-2.81-88.4.TL1
perl-Compress-Zlib-1.33-2
perl-Convert-BinHex-1.119-2
perl-Convert-TNEF-0.17-1
perl-CPAN-1.61-88.4.TL1
perl-DB_File-1.810-1
perl-DBI-1.32-5
perl-Digest-HMAC-1.01-11.1
perl-Digest-SHA1-2.10-1
perl-Filter-1.29-3
perl-HTML-Parser-3.26-17
perl-HTML-Tagset-3.03-28
perl-Inline-0.44-1
perl-IO-stringy-2.108-1
perl-Mail-ClamAV-0.11-1
perl-Mail-SpamAssassin-3.0.0-rc3.1
perl-MailTools-1.50-1
perl-MIME-tools-5.411-pl4.3
perl-Net-CIDR-0.09-3
perl-Net-CIDR-Lite-0.15-1
perl-Net-DNS-0.31-3.1
perl-Parse-RecDescent-1.94-1
perl-TimeDate-1.1301-3
perl-Time-HiRes-1.38-3
perl-URI-1.21-7

>
>> Some modules did not build at all and others reported that the box was
>> running perl 5.008 while compiling which is not possible on a newly
>> installed RHEL 3 box
>
> There are 2 different ways of getting the Perl version number, one of which
> (the old one) will return 5.008 when it is a 5.8 setup.

OK :)

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 09:44:04 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

I tried getting this to install on one of our RedHat 9 systems last night.
Total disaster :)

It refused to install firstly as DAG's clamav DB wasn't present, so I got it
and tried again.
Then it wasn't happy with the version of clamav, so I installed a fresh copy
from source - the rpms didn't make any difference

SA still refused to install, as it was conflicting with the files in
/usr/share/spamassassin
I nuked the entire directory and tried again - no joy.

In the end I grabbed the tarball from the Spam Assassin site and did it
manually

Ah well :)

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From massctrl at SKYNET.BE Tue Sep 7 09:46:00 2004
From: massctrl at SKYNET.BE (J)
Date: Thu Jan 12 21:26:49 2006
Subject: Debugging info Mailscanner/spamassassin
Message-ID:

Hi all,

I recently installed DCC and was wondering if it was really working the way
it should be. I found in the mailscanner FAQ an entry saying :
How to know MailScanner/SpamAssassin/DCC/Pyzor/Razor are working (Using
debug mode)
After following instructions i still can't see if DCC is actually working.
(nothing extra is shown in the log??)

I was wondering if i do this :

spamassassin -tD

spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf

should do it :-)

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of J
> Sent: 07 September 2004 09:46
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Debugging info Mailscanner/spamassassin
>
> Hi all,
>
> I recently installed DCC and was wondering if it was really
> working the way it should be.
> I found in the mailscanner FAQ
> an entry saying :
> How to know MailScanner/SpamAssassin/DCC/Pyzor/Razor are
> working (Using debug mode) After following instructions i
> still can't see if DCC is actually working.
> (nothing extra is shown in the log??)
>
> I was wondering if i do this :
>
> spamassassin -tD
> In the very extensive report I get I can see that DCC is
> functioning properly.
> Can I safely assume that spamassassin is working like this
> under mailscanner too?
>
> Or am I missing something?
>
> Thanks in advance
>

From mailscanner at BARENDSE.TO Tue Sep 7 09:53:28 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Tue, 7 Sep 2004, Michele Neylon:: Blacknight Solutions wrote:

> I tried getting this to install on one of our RedHat 9 systems last night.
> Total disaster :)
>
> It refused to install firstly as DAG's clamav DB wasn't present, so I got it
> and tried again.
> Then it wasn't happy with the version of clamav, so I installed a fresh copy
> from source - the rpms didn't make any difference

I guess it would be better for the script to do a rebuild of the SRPM then
instead of using the binary RPMS. clamav DB rpm does appear when the SRPM
is rebuilt.

> SA still refused to install, as it was conflicting with the files in
> /usr/share/spamassassin

Did you have a previous RPM version of SA? I just upgraded the tarball
2.64 version with the RPM and didn't get any errors.

> I nuked the entire directory and tried again - no joy.
>
> In the end I grabbed the tarball from the Spam Assassin site and did it
> manually
>
> Ah well :)
>
> M
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>

From egtswnzxkeec at spammotel.com Tue Sep 7 09:55:17 2004
From: egtswnzxkeec at spammotel.com (No Name)
Date: Thu Jan 12 21:26:49 2006
Subject: process
Message-ID:

>>I've seen this happen when you have your virus scanner settings wrong in the
>>MailScanner.conf file. Check to make sure you are referring to the correct
>>scanner.

It even happens when I set the virusscanner to None.
None of the logfiles shows anything obvious.

EDIT: I changed the subject so that it will be displayed in the correct
thread within the archive. Sorry.

Regards,
Frank.

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 10:01:06 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

>
> Did you have a previous RPM version of SA? I just upgraded the tarball
> 2.64 version with the RPM and didn't get any errors.

It recognised a 2.5* version of SA, although the most recent version (2.64)
had been installed either from source or from CPAN.

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at BARENDSE.TO Tue Sep 7 10:14:56 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Tue, 7 Sep 2004, Michele Neylon:: Blacknight Solutions wrote:

>>
>> Did you have a previous RPM version of SA? I just upgraded the tarball
>> 2.64 version with the RPM and didn't get any errors.
> It recognised a 2.5* version of SA, although the most recent version (2.64)
> had been installed either from source or from CPAN.

That happened to me once too, I had an old RPM version installed, upgraded
with a tarball but forgetting that the previous install was from RPM.

It's still possible to remove the RPM, not sure what the right command for
it is though because rpm will have to ignore several errors. The man page
of rpm helped me out.

From mailscanner at ecs.soton.ac.uk Tue Sep 7 10:20:26 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

At 09:53 07/09/2004, you wrote:
>On Tue, 7 Sep 2004, Michele Neylon:: Blacknight Solutions wrote:
>
>>I tried getting this to install on one of our RedHat 9 systems last night.
>>Total disaster :)
>>
>>It refused to install firstly as DAG's clamav DB wasn't present, so I got it
>>and tried again.
>>Then it wasn't happy with the version of clamav, so I installed a fresh copy
>>from source - the rpms didn't make any difference
>
>I guess it would be better for the script to do a rebuild of the SRPM then
>instead of using the binary RPMS. clamav DB rpm does appear when the SRPM
>is rebuilt.

The problem with doing that is that his SRPM needs bzip2-devel and a very
new sendmail-devel, neither of which you probably have installed.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 10:27:26 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:49 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: > That happened to me once too, I had an old RPM version > installed, upgraded with a tarball but forgetting that the > previous install was from RPM. > > It's still possible to remove the RPM, not sure what the > right command for it is though because rpm will have to > ignore several errors. The man page of rpm helped me out. I'm not too bothered. The files provided by Julian would be very handy for an install on a clean system, but I don't have many of them at the moment :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Mark.Pottage at SELECTION.CO.UK Tue Sep 7 11:08:59 2004 From: Mark.Pottage at SELECTION.CO.UK (Mark Pottage) Date: Thu Jan 12 21:26:49 2006 Subject: Cannot match against destination IP address? Message-ID:
Hi,
 
Arrived this morning to find these messages...
 
Sep  7 10:44:50 sam MailScanner[32031]: Cannot match against destination IP address when resolving configuration option "usespamassassin"
Sep  7 10:44:51 sam MailScanner[32014]: New Batch: Found 10 messages waiting
Sep  7 10:44:51 sam MailScanner[32014]: New Batch: Scanning 1 messages, 4750 bytes
Sep  7 10:44:51 sam MailScanner[32014]: Spam Checks: Starting
Sep  7 10:44:51 sam MailScanner[32014]: Cannot match against destination IP address when resolving configuration option "usespamassassin"
Sep  7 10:44:53 sam MailScanner[32099]: SpamAssassin timed out and was killed, failure 1 of 20
 
Any ideas would be most helpful.
 
many thanks
 
Mark Pottage
Systems Administrator
0870 411 7914
07740 578 647
mark.pottage@selection.co.uk

--
This message has been scanned for viruses and
dangerous content by Selection Services MailScanner, and is
believed to be clean..
From davidj at synaq.com Tue Sep 7 11:28:08 2004
From: davidj at synaq.com (David Jacobson)
Date: Thu Jan 12 21:26:49 2006
Subject: bitdefender seg fault with kernel 2.6.8
Message-ID:

Hi,

I've been sending them e-mails back and forth regarding this with core dump outputs/strace outputs ... experiencing the same problem here.

Good to know they're releasing a patch, thanks.

On Tue, 2004-09-07 at 10:43, Alessandro Bianchi wrote:
> Hi everyone
>
> I've been tracking with bitdefender team an issue about seg faults
> when scanning using bdc.
>
> I've discovered that bdc works fine with kernel 2.6.6 but fails with
> seg fault if using kernel 2.6.8.
>
> If you are using bitdefender please keep this in mind and don't upgrade
> your kernel.
>
> The bitdefender team is aware of this now.
>
> They have been very professional in support for a free product, and I
> think they will release a patched version.
>
> Hope this may save someone else's time
>
> Best regards
>
> Alessandro Bianchi

--
Regards,
David Jacobson
Technical Director
SYNAQ (PTY) LTD
Tel: 011 290 6388
Cell: 083 235 0760
Mail: davidj@synaq.com
WWW: http://www.synaq.com

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 11:31:17 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:49 2006
Subject: Cannot match against destination IP address?
Message-ID:

Mark Pottage wrote:
> Hi,
>
> Arrived this morning to find these messages...
>
> Sep  7 10:44:50 sam MailScanner[32031]: Cannot match against
> destination IP address when resolving configuration option
> "usespamassassin"
> Sep  7 10:44:51 sam MailScanner[32014]: New Batch: Found 10 messages
> waiting Sep  7 10:44:51 sam MailScanner[32014]: New Batch: Scanning 1
> messages, 4750 bytes Sep  7 10:44:51 sam MailScanner[32014]: Spam
> Checks: Starting Sep  7 10:44:51 sam MailScanner[32014]: Cannot match
> against destination IP address when resolving configuration option
> "usespamassassin" Sep  7 10:44:53 sam MailScanner[32099]:
> SpamAssassin timed out and was killed, failure 1 of 20
>

Which versions are you using?
What do you have in your MailScanner.conf at line 1201 ?

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at ecs.soton.ac.uk Tue Sep 7 11:36:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: Cannot match against destination IP address?
Message-ID:

At 11:08 07/09/2004, you wrote:
>Hi,
>
>Arrived this morning to find these messages...
>
>Sep 7 10:44:50 sam MailScanner[32031]: Cannot match against destination
>IP address when resolving configuration option "usespamassassin"
>Sep 7 10:44:51 sam MailScanner[32014]: New Batch: Found 10 messages waiting
>Sep 7 10:44:51 sam MailScanner[32014]: New Batch: Scanning 1 messages,
>4750 bytes
>Sep 7 10:44:51 sam MailScanner[32014]: Spam Checks: Starting
>Sep 7 10:44:51 sam MailScanner[32014]: Cannot match against destination
>IP address when resolving configuration option "usespamassassin"
>Sep 7 10:44:53 sam MailScanner[32099]: SpamAssassin timed out and was
>killed, failure 1 of 20
>
>Any ideas would be most helpful.

You can't match against an IP address in a "To:" or "FromOrTo:" rule. This is simply because the destination IP address is not known until you have already delivered the message. By that time it's rather too late to be useful :-(

The destination IP is calculated by the MTA using lots of configuration information, and this calculation is done at the start of the message delivery. Even then, you still don't know if you can deliver to that host until you have started the delivery as it may be down, causing a whole load more configuration data to be used to work out an alternative destination.

So you can only use IP addresses in "From:" rules.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
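
Added example, not part of any post in this thread and not MailScanner's own code: a small linter that finds the ruleset lines that would trigger the "Cannot match against destination IP address" log message, i.e. "To:" or "FromOrTo:" rules whose pattern is an IP address. The ruleset line layout (direction, pattern, optional "and" clause, value), the IP-pattern heuristic and the sample rules are assumptions constructed for illustration.

```python
import re

# Directions whose match needs the destination; these are the two named in
# the reply above ("To:" and "FromOrTo:").
DEST_DIRECTIONS = {"to", "fromorto"}

_NUMERIC = re.compile(r"^\d[\d./-]*$")
_REGEX_NOISE = re.compile(r"[\^$\\\[\]()|?*+-]")


def looks_like_ip(pattern):
    """Heuristic (assumption): a pattern is an IP match if it is purely
    numeric (prefix, CIDR, netmask or range form) or a /regex/ whose body
    contains nothing but digits, dots and regex punctuation."""
    if len(pattern) > 2 and pattern.startswith("/") and pattern.endswith("/"):
        body = _REGEX_NOISE.sub("", pattern[1:-1])
        return any(c.isdigit() for c in body) and all(
            c.isdigit() or c == "." for c in body
        )
    return "." in pattern and bool(_NUMERIC.match(pattern))


def parse_clauses(line):
    """Return [(direction, pattern), ...] for one ruleset line.
    Blank lines, comments and malformed lines yield an empty list."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []
    tokens = text.split()
    if len(tokens) < 3:  # need at least: direction pattern value
        return []
    clauses = [(tokens[0].rstrip(":").lower(), tokens[1])]
    # Assumed compound form: "From: x and To: y value"
    if len(tokens) >= 6 and tokens[2].lower() == "and":
        clauses.append((tokens[3].rstrip(":").lower(), tokens[4]))
    return clauses


def lint_ruleset(text):
    """Return (line_number, direction, pattern) for every clause that asks
    MailScanner to match a destination against an IP address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for direction, pattern in parse_clauses(line):
            if direction in DEST_DIRECTIONS and looks_like_ip(pattern):
                findings.append((lineno, direction, pattern))
    return findings


def advice(direction):
    """Remediation text, following the reply: IPs only work in From: rules."""
    if direction == "fromorto":
        return "only the sender side can match an IP; rewrite as a From: rule"
    return "destination IP is not known at scan time; use an address or domain"


# Constructed sample: the kind of ruleset the logged option
# "usespamassassin" could be resolved from. All addresses are made up.
SAMPLE = r"""# spam.assassin.rules (constructed)
From:      192.168.                 no
FromOrTo:  10.1.2.0/24              no
To:        172.16.5.9               no
To:        *@example.com            yes
From:      /^192\.168\.1[4567]\./   no
FromOrTo:  /^10\.0\./               no
From:      203.0.113. and To: 198.51.100.7 yes
FromOrTo:  default                  yes
"""

if __name__ == "__main__":
    for lineno, direction, pattern in lint_ruleset(SAMPLE):
        print(f"line {lineno}: {direction} {pattern}: {advice(direction)}")
```
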
From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 12:20:59 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:49 2006
Subject: Mail::SpamAssassin::Plugin::RelayCountry
Message-ID:

I enabled this plugin for SA3 RC3, but I have absolutely no idea what to do with it and can't find any documentation on it, apart from the rather cryptic:
"add message metadata indicating the country code of each relay"

Has anybody explored it any further/ done anything meaningful with it?

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From denis at CROOMBS.ORG Tue Sep 7 12:33:19 2004
From: denis at CROOMBS.ORG (Denis Croombs)
Date: Thu Jan 12 21:26:49 2006
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0
Message-ID:

I am trying to increase the size of the ramdisk on the Redhat3.0/Whiteboxlinux3.0 system
I have added the following ramdisk_size=256000 to the /etc/grub.conf as below:-

kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/ hdc=ide-scsi ramdisk_size=256000
initrd /initrd-2.4.20-20.9.img

I am trying to get a ram disk of 256mb IF that is possible ?

Any clues on/off list very welcome

Denis

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Marvin the E-Mail scanner

From mailscanner at BARENDSE.TO Tue Sep 7 12:36:18 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:49 2006
Subject: Mail::SpamAssassin::Plugin::RelayCountry
Message-ID:

I guess it means that the headers will show through which countries the mail went?

Useful if you want to investigate how mail is travelling and if you can find a pattern in it you can start scoring on it too. For example if the Kingdom of Tonga hardly sends any e-mail but it relays loads of spam you can add a score to that :)

At least that would be my idea of doing something useful with it.

On Tue, 7 Sep 2004, Michele Neylon :: Blacknight Solutions wrote:

> I enabled this plugin for SA3 RC3, but I have absolutely no idea what to do
> with it and can't find any documentation on it, apart from the rather
> cryptic:
> "add message metadata indicating the country code of each relay"
>
> Has anybody explored it any further/ done anything meaningful with it?
>
> M
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101

From Kevin.Spicer at BMRB.CO.UK Tue Sep 7 13:05:28 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:49 2006
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0
Message-ID:

I can't see what this has to do with MailScanner but I think this will only be effective if the initrd is built to use a ramdisk that size.

I can't think why you would want to do that.

-----Original Message-----
From: Denis Croombs [mailto:denis@CROOMBS.ORG]
Sent: 07 September 2004 12:33
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0

I am trying to increase the size of the ramdisk on the Redhat3.0/Whiteboxlinux3.0 system
I have added the following ramdisk_size=256000 to the /etc/grub.conf as below:-

kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/ hdc=ide-scsi ramdisk_size=256000
initrd /initrd-2.4.20-20.9.img

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From ugob at CAMO-ROUTE.COM Tue Sep 7 13:50:31 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: FW: New beta release of Vispan
Message-ID:

Ryan Pitt wrote:
> David,
> The new version looks great on your website.
> Having trouble running it here though. When I try to run
> /usr/local/bin/Vispan it tells me that Vispan.conf is not found, yet
> there it is in /etc.
> Any ideas?

You should use the forum on Vispan's web site for support.

From denis at CROOMBS.ORG Tue Sep 7 13:57:54 2004
From: denis at CROOMBS.ORG (Denis Croombs)
Date: Thu Jan 12 21:26:49 2006
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0
Message-ID:

>> I am trying to increase the size of the ramdisk on the
>> Redhat3.0/Whiteboxlinux3.0 system
>> I have added the following ramdisk_size=256000 to the /etc/grub.conf as
>> below:-
> >
> > kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/ hdc=ide-scsi
> >ramdisk_size=256000
> > initrd /initrd-2.4.20-20.9.img

> I can't see what this has to do with MailScanner but I think this will
> only be effective if the initrd is built to use a ramdisk that size.
>
> I can't think why you would want to do that.

I am working on a multifunction server Mail/Apache + + and the SCSI 15k rpm disks are working 100% and I am going to try moving /tmp & other dirs/files to the ram disk to try and see if that helps. If it does we will take it further (putting some services on another system is currently NOT an option but is what needs to be done)
The /tmp is at least 128mb alone so my need for 512mb

Thanks

Denis

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Marvin the E-Mail scanner

From ugob at CAMO-ROUTE.COM Tue Sep 7 14:01:04 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: Disable messages to the recipient
Message-ID:

Idan Plotnik wrote:
>
> Hi all,
>
> I want to disable attachment blocking, virus detection etc to the
> recipient and send them to a specific mailbox.

Set the setting "Silent Viruses" to "All Viruses" and set "Send notices" to yes. Set "Notices to" accordingly.

I don't know how to disable attachment blocking messages to recipient, though. But I think you wouldn't want to do that.

>
> It's possible?
>
> Thanks a lot.
>
> Idan.

From ugob at CAMO-ROUTE.COM Tue Sep 7 14:03:25 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: What if - Quarantine Whole message as queue file =no.
Message-ID:

Idan Plotnik wrote:
> Hi all,
>
> If I configure my MS to "Quarantine Whole message as queue file =no."
>
> What is the way to release a message from the Q dir ?

That is written in the MAQ page that you should read. See the URL below.

>
> Thanks a lot.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From ugob at CAMO-ROUTE.COM Tue Sep 7 14:05:00 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Idan Plotnik wrote:
> How do I disable these messages to the recipient ? And transfer them to
> a specific mailbox ?

Answered in another post.

From ugob at CAMO-ROUTE.COM Tue Sep 7 14:09:50 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: Disable filename.rules - how to ?
Message-ID:

Idan Plotnik wrote:
> Hello,
>
> Someone knows how to disable "filename" checking in MS ?

Please read MailScanner.conf. It is not that hard.

>
>
> Thanks

From ugob at CAMO-ROUTE.COM Tue Sep 7 14:12:17 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: updating sendmail
Message-ID:

Dave Filchak wrote:
> Sorry ... Yes on the surface it might appear my message was off topic.
> However, I wasn't concerned about the actual updating of Sendmail but rather
> how it would affect (if at all) the installation of MS and CAV.
>

Maybe you could tell us from what version to what version, on what OS, with what version of mailscanner...

From mailscanner at ecs.soton.ac.uk Tue Sep 7 14:17:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0
Message-ID:

At 13:57 07/09/2004, you wrote:
> >> I am trying to increase the size of the ramdisk on the
> >> Redhat3.0/Whiteboxlinux3.0 system
> >> I have added the following ramdisk_size=256000 to the /etc/grub.conf as
> >> below:-
> > >
> > > kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/ hdc=ide-scsi
> > >ramdisk_size=256000
> > > initrd /initrd-2.4.20-20.9.img
>
> > I can't see what this has to do with MailScanner but I think this will
> > only be effective if the initrd is built to use a ramdisk that size.
> >
> > I can't think why you would want to do that.
>
>I am working on a multifunction server Mail/Apache + + and the SCSI 15k rpm
>disks are working 100% and I am going to try moving /tmp & other dirs/files
>to the ram disk to try and see if that helps. If it does we will take it
>further (putting some services on another system is currently NOT an option
>but is what needs to be done)
>The /tmp is at least 128mb alone so my need for 512mb

But changing the size of the initrd ram disk won't change the size of /tmp. What you want to be doing is just using tmpfs for /tmp. This will expand and contract as needed, without you having to do anything.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Hard2Hold at gmail.com Tue Sep 7 14:19:10 2004
From: Hard2Hold at gmail.com (Rob)
Date: Thu Jan 12 21:26:49 2006
Subject: Image only spam
Message-ID:

I am starting to get flooded with image only spam. Subject reads RE: and a number.
I read through the archive, and added some ideas in there to try and prevent them from coming through:

FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from " $`'&{client_addr} " refused - see http://relays.ordb.org/"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"550 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')dnl

Also added this:

# HTML_IMAGE_AREA - lots of image area (absolute)
body HTML_IMAGE_AREA_04 eval:html_range('image_area','400000','500000')
body HTML_IMAGE_AREA_05 eval:html_range('image_area','500000','600000')
body HTML_IMAGE_AREA_06 eval:html_range('image_area','600000','700000')
body HTML_IMAGE_AREA_07 eval:html_range('image_area','700000','800000')
body HTML_IMAGE_AREA_08 eval:html_range('image_area','800000','900000')
body HTML_IMAGE_AREA_09 eval:html_range('image_area','900000')
describe HTML_IMAGE_AREA_04 HTML has 4-5 kilopixels of images
describe HTML_IMAGE_AREA_05 HTML has 5-6 kilopixels of images
describe HTML_IMAGE_AREA_06 HTML has 6-7 kilopixels of images
describe HTML_IMAGE_AREA_07 HTML has 7-8 kilopixels of images
describe HTML_IMAGE_AREA_08 HTML has 8-9 kilopixels of images
describe HTML_IMAGE_AREA_09 HTML has over 9 kilopixels of images

# HTML_IMAGE_ONLY - not much text with images (absolute)
body HTML_IMAGE_ONLY_02 eval:html_image_only('0000','0200')
body HTML_IMAGE_ONLY_04 eval:html_image_only('0200','0400')
body HTML_IMAGE_ONLY_06 eval:html_image_only('0400','0600')
body HTML_IMAGE_ONLY_08 eval:html_image_only('0600','0800')
body HTML_IMAGE_ONLY_10 eval:html_image_only('0800','1000')
body HTML_IMAGE_ONLY_12 eval:html_image_only('1000','1200')
describe HTML_IMAGE_ONLY_02 HTML: images with 0-200 bytes of words
describe HTML_IMAGE_ONLY_04 HTML: images with 200-400 bytes of words
describe HTML_IMAGE_ONLY_06 HTML: images with 400-600 bytes of words
describe HTML_IMAGE_ONLY_08 HTML: images with 600-800 bytes of words
describe HTML_IMAGE_ONLY_10 HTML: images with 800-1000 bytes of words
describe HTML_IMAGE_ONLY_12 HTML: images with 1000-1200 bytes of words

# HTML_IMAGE_RATIO - more image area than text (ratio)
body HTML_IMAGE_RATIO_02 eval:html_image_ratio('0.000','0.002')
body HTML_IMAGE_RATIO_04 eval:html_image_ratio('0.002','0.004')
body HTML_IMAGE_RATIO_06 eval:html_image_ratio('0.004','0.006')
body HTML_IMAGE_RATIO_08 eval:html_image_ratio('0.006','0.008')
body HTML_IMAGE_RATIO_10 eval:html_image_ratio('0.008','0.010')
body HTML_IMAGE_RATIO_12 eval:html_image_ratio('0.010','0.012')
body HTML_IMAGE_RATIO_14 eval:html_image_ratio('0.012','0.014')
describe HTML_IMAGE_RATIO_02 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_06 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_08 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_10 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_12 HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_14 HTML has a low ratio of text to image area

score HTML_IMAGE_AREA_05 0.283 1.342 1.122 2.199
score HTML_IMAGE_AREA_07 1.615 1.681 1.997 1.022
score HTML_IMAGE_ONLY_02 2.751 2.244 1.472 1.230
score HTML_IMAGE_ONLY_04 1.898 1.527 1.136 1.001
score HTML_IMAGE_ONLY_06 1.531 1.709 0.527 1.439
score HTML_IMAGE_ONLY_08 0.525 0.837 1.472 1.439
score HTML_IMAGE_ONLY_10 0.615 1.138 0.431 0.019
score HTML_IMAGE_ONLY_12 0.787 1.012 0.483 0
score HTML_IMAGE_RATIO_04 0.821 0.892 0.667 1.050
score HTML_IMAGE_RATIO_06 0.935 0.317 0.649 0
score HTML_IMAGE_RATIO_08 0.605 0.408 0.413 0.359
score HTML_IMAGE_RATIO_10 0.535 0.488 0.619 0.315
score HTML_IMAGE_RATIO_12 0.324 0 0 0
score HTML_IMAGE_RATIO_14 0 0.276 0 0
score HTML_IMAGE_AREA_04 0
score HTML_IMAGE_AREA_09 0
score HTML_IMAGE_AREA_08 0
score HTML_IMAGE_RATIO_02 0
score HTML_IMAGE_AREA_06 0

But they are still getting through. I have spamassassin 2.63 and the latest MailScanner running. Also running bayes db.
Is anyone else getting these and have a better resolution to stopping these?

Thanks in advance

Rob

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 7 14:35:06 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:49 2006
Subject: Image only spam
Message-ID:

Have a look at Rules du jour

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From denis at CROOMBS.ORG Tue Sep 7 14:36:10 2004
From: denis at CROOMBS.ORG (Denis Croombs)
Date: Thu Jan 12 21:26:49 2006
Subject: Slightly OT ! Increasing the size of the Ramdisk on Redhat 3.0
Message-ID:

> > >> I am trying to increase the size of the ramdisk on the
> > >> Redhat3.0/Whiteboxlinux3.0 system
> > >> I have added the following ramdisk_size=256000 to the /etc/grub.conf as
> > >> below:-
> > > >
> > > > kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/ hdc=ide-scsi
> > > >ramdisk_size=256000
> > > > initrd /initrd-2.4.20-20.9.img
> >
> > > I can't see what this has to do with MailScanner but I think this will
> > > only be effective if the initrd is built to use a ramdisk that size.
> > >
> > > I can't think why you would want to do that.
> >
> >I am working on a multifunction server Mail/Apache + + and the SCSI 15k rpm
> >disks are working 100% and I am going to try moving /tmp & other dirs/files
> >to the ram disk to try and see if that helps. If it does we will take it
> >further (putting some services on another system is currently NOT an option
> >but is what needs to be done)
> >The /tmp is at least 128mb alone so my need for 512mb
>
> But changing the size of the initrd ram disk won't change the size of /tmp.
> What you want to be doing is just using tmpfs for /tmp. This will expand
> and contract as needed, without you having to do anything.

Thanks I will do that now.

Denis

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Marvin the E-Mail scanner

From dfilchak at sympatico.ca Tue Sep 7 15:44:14 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:49 2006
Subject: updating sendmail
Message-ID:

Hi,

Well it was Sendmail 8.12.11-3 to 8.12.11-4.RHEL3.1 and my MailScanner Version is 4.32.5 and ClamAV is 0.75.1. I didn't mention the versions because I didn't think, perhaps wrongfully, that it would make a difference. Sorry about that. I have updated Sendmail. I kept the old sendmail.cf because it references the different spam lists that we are referencing. Seems OK.

Cheers

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: Tuesday, September 07, 2004 9:12 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: updating sendmail

Dave Filchak wrote:
> Sorry ... Yes on the surface it might appear my message was off topic.
> However, I wasn't concerned about the actual updating of Sendmail but
> rather how it would affect (if at all) the installation of MS and CAV.
>

Maybe you could tell us from what version to what version, on what OS, with what version of mailscanner...

From Mark.Pottage at SELECTION.CO.UK Tue Sep 7 16:03:42 2004
From: Mark.Pottage at SELECTION.CO.UK (Mark Pottage)
Date: Thu Jan 12 21:26:49 2006
Subject: SPAM Report - Timed out
Message-ID:
Has anyone any ideas on the below?
 
Spam Report Timed Out.
 
Systems are running:
 
SendMail version:  ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6
ClamAV version:  0.75
BitDefender version:  7.0 build 2492
SpamAssassin version: 2.63
 
 
Size: 3.3Kb
Virus:  N 
Blocked File:  N 
Other Infection:  N 
Report:
Spam:  N   Action(s): deliver
High Scoring Spam:  N 
Listed in RBL:  N 
Whitelisted:  N 
Blacklisted:  N 
SpamAssassin Spam:  N 
SpamAssassin Autolearn:  N 
SpamAssassin Score: 0.00
Spam Report: timed out
Archive:
 
 
 
SpamAssassin Lint
debug: Score set 0 chosen. 0
debug: running in taint mode? yes 0.00041
debug: Running in taint mode, removing unsafe env vars, and resetting PATH 0.0001
debug: PATH included '/usr/local/sbin', keeping. 0.00012
debug: PATH included '/sbin', keeping. 8E-05
debug: PATH included '/bin', keeping. 8E-05
debug: PATH included '/usr/sbin', keeping. 0.00013
debug: PATH included '/usr/bin', keeping. 8E-05
debug: Final PATH set to: /usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin 8E-05
debug: ignore: using a test message to lint rules 0.00313
debug: using "/usr/share/spamassassin" for default rules dir 0.00021
debug: using "/etc/mail/spamassassin" for site rules dir 0.02115
debug: mkdir //.spamassassin failed: mkdir //.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1279 0.01638
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.00019
debug: mkdir //.spamassassin failed: mkdir //.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1279 0.57686
No such file or directory 0.00021
debug: bayes: no dbs present, cannot scan: //.spamassassin/bayes_toks 0.00031
debug: Score set 1 chosen. 0.00017
debug: Initialising learner 0.00012
debug: mkdir //.spamassassin failed: mkdir //.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1279 0.00179
No such file or directory 0.00016
debug: bayes: no dbs present, cannot scan: //.spamassassin/bayes_toks 0.00024
debug: dns_available set to yes in config file, skipping test 0.00139
debug: is Net::DNS::Resolver available? yes 0.00058
debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org 0.00212
debug: running header regexp tests; score so far=0 0.00329
debug: running body-text per-line regexp tests; score so far=1.27 0.21469
debug: Razor2 is available 0.45688
debug: entering helper-app run mode 0.0004
Razor-Log: Computed razorhome from env: /var/lib/wwwrun/.razor 5.97054
Razor-Log: Found razorhome: /var/lib/wwwrun/.razor 0.00015
Razor-Log: No /var/lib/wwwrun/.razor/razor-agent.conf found, skipping. 8E-05
Razor-Log: No razor-agent.conf found, using defaults. 8E-05
Sep 07 15:49:56.881593 check[27286]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout 8E-05
Sep 07 15:49:56.882011 check[27286]: [ 5] computed razorhome=/var/lib/wwwrun/.razor, conf=, ident=/var/lib/wwwrun/.razor/identity 0.0001
Sep 07 15:49:56.882183 check[27286]: [ 8] Client supported_engines: 4 8 8E-05
Sep 07 15:49:56.882569 check[27286]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 8E-05
Sep 07 15:49:56.882874 check[27286]: [ 5] read_file: 1 items read from /var/lib/wwwrun/.razor/servers.discovery.lst 9E-05
Sep 07 15:49:56.883084 check[27286]: [ 5] read_file: 2 items read from /var/lib/wwwrun/.razor/servers.nomination.lst 9E-05
Sep 07 15:49:56.883279 check[27286]: [ 5] read_file: 2 items read from /var/lib/wwwrun/.razor/servers.catalogue.lst 9E-05
Sep 07 15:49:56.883540 check[27286]: [ 9] Assigning defaults to folly.cloudmark.com 9E-05
Sep 07 15:49:56.883665 check[27286]: [ 9] Assigning defaults to joy.cloudmark.com 8E-05
Sep 07 15:49:56.883789 check[27286]: [ 9] Assigning defaults to pride.cloudmark.com 8E-05
Sep 07 15:49:56.883908 check[27286]: [ 9] Assigning defaults to thrill.cloudmark.com 9E-05
Sep 07 15:49:56.884586 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.thrill.cloudmark.com.conf 9E-05
Sep 07 15:49:56.885050 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.thrill.cloudmark.com.conf 9E-05
Sep 07 15:49:56.885505 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.pride.cloudmark.com.conf 9E-05
Sep 07 15:49:56.885958 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.pride.cloudmark.com.conf 0.00012
Sep 07 15:49:56.886424 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.wonder.cloudmark.com.conf 8E-05
Sep 07 15:49:56.886883 check[27286]: [ 5] read_file: 16 items read from /var/lib/wwwrun/.razor/server.wonder.cloudmark.com.conf 9E-05
Sep 07 15:49:56.887036 check[27286]: [ 5] 126326 seconds before closest server discovery 9E-05
Sep 07 15:49:56.887175 check[27286]: [ 6] pride.cloudmark.com is a Catalogue Server srl 5041; computed min_cf=6, Server se: C8 9E-05
Sep 07 15:49:56.887319 check[27286]: [ 8] Computed supported_engines: 4 8 8E-05
Sep 07 15:49:56.887414 check[27286]: [ 8] Using next closest server pride.cloudmark.com:2703, cached info srl 5041 8E-05
Sep 07 15:49:56.887493 check[27286]: [ 8] mail 1 has no subject 8E-05
Sep 07 15:49:56.887758 check[27286]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 8E-05
Sep 07 15:49:56.887854 check[27286]: [ 6] computing sigs for mail 1.0, len 1339 8E-05
Sep 07 15:49:56.889554 check[27286]: [ 6] Engine (8) didn't produce a signature for mail 1.0 0.0001
Sep 07 15:49:56.889725 check[27286]: [ 6] skipping whitelist file (empty?): /var/lib/wwwrun/.razor/razor-whitelist 9E-05
Sep 07 15:49:56.889833 check[27286]: [ 5] Connecting to pride.cloudmark.com ... 8E-05
Sep 07 15:50:02.229253 check[27286]: [ 8] Connection established 8E-05
Sep 07 15:50:02.229369 check[27286]: [ 4] pride.cloudmark.com >> 36 server greeting: sn=C&srl=5041&a=l&a=cg&ep4=7542-10 8E-05
Sep 07 15:50:02.229619 check[27286]: [ 4] pride.cloudmark.com << 25 8E-05
Sep 07 15:50:02.229655 check[27286]: [ 6] cn=razor-agents&cv=2.61 8E-05
Sep 07 15:50:02.229786 check[27286]: [ 6] pride.cloudmark.com is a Catalogue Server srl 5041; computed min_cf=6, Server se: C8 9E-05
Sep 07 15:50:02.229889 check[27286]: [ 8] Computed supported_engines: 4 8 8E-05
Sep 07 15:50:02.229977 check[27286]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA 0.0001
Sep 07 15:50:02.230048 check[27286]: [ 5] mail 1.0 e8 got no sig 8E-05
Sep 07 15:50:02.230105 check[27286]: [ 8] preparing 1 queries 9E-05
Sep 07 15:50:02.230198 check[27286]: [ 8] sending 1 batches 7E-05
Sep 07 15:50:02.230272 check[27286]: [ 4] pride.cloudmark.com << 52 7E-05
Sep 07 15:50:02.230304 check[27286]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA 0.00012
Sep 07 15:50:02.849885 check[27286]: [ 4] pride.cloudmark.com >> 5 8E-05
Sep 07 15:50:02.849957 check[27286]: [ 6] response to sent.2 8E-05
p=debug: Using results from Razor v2.61 9E-05
debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 7E-05
debug: leaving helper-app run mode 7E-05
0 7E-05
Sep 07 15:50:02.850323 check[27286]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. 8E-05
Sep 07 15:50:02.850413 check[27286]: [ 7] method 4: mail 1.0: no-contention part, spam=0 8E-05
Sep 07 15:50:02.850473 check[27286]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam 8E-05
Sep 07 15:50:02.850533 check[27286]: [ 3] mail 1 is not known spam. 7E-05
Sep 07 15:50:02.850610 check[27286]: [ 5] disconnecting from server pride.cloudmark.com 8E-05
Sep 07 15:50:02.850743 check[27286]: [ 4] pride.cloudmark.com << 5 9E-05
Sep 07 15:50:02.850799 check[27286]: [ 6] a=q 7E-05
debug: Razor2 results: spam? 0 highest cf score: 0 8E-05
debug: running raw-body-text per-line regexp tests; score so far=1.27 7E-05
debug: running uri tests; score so far=1.27 0.03312
debug: uri tests: Done uriRE 0.00049
debug: running full-text regexp tests; score so far=1.27 0.00681
debug: Razor2 is available 0.00522
debug: Current PATH is: /usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin 0.00014
debug: executable for pyzor was found at /usr/bin/pyzor 0.00026
debug: Pyzor is available: /usr/bin/pyzor 9E-05
debug: entering helper-app run mode 7E-05
debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 0.15786
debug: leaving helper-app run mode 0.00018
debug: DCCifd is not available: no r/w dccifd socket found. 0.00038
debug: DCC is available: /usr/local/bin/dccproc 0.0001
debug: entering helper-app run mode 0.0002
debug: DCC: got response: X-DCC-SdV-Metrics: sam 1179; Body=15466 Fuz1=569708 Fuz2=570363 0.14371
debug: leaving helper-app run mode 0.00018
debug: all '*To' addrs: 0.00212
debug: RBL: success for 0 of 1 queries 13.13129
debug: RBL: timeout for rfci-dsn after 20 seconds 0.00019
debug: running meta tests; score so far=1.27 0.00022
debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME 0.02579
Finish - Total Time 21.20114
 
many thanks
 
Mark Pottage
Systems Administrator
0870 411 7914
07740 578 647
mark.pottage@selection.co.uk

--
This message has been scanned for viruses and
dangerous content by Selection Services MailScanner, and is
believed to be clean..
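
Reading the lint output above for where the time went, as an added example (not part of the original message and not MailWatch or SpamAssassin code). It assumes the trailing number on each line is the seconds that elapsed before that line was written, which is consistent with the Total Time line; the component grouping and all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a dozen lines copied from the lint output in the message above.
SAMPLE = """\
debug: using "/etc/mail/spamassassin" for site rules dir 0.02115
debug: running body-text per-line regexp tests; score so far=1.27 0.21469
debug: Razor2 is available 0.45688
Razor-Log: Computed razorhome from env: /var/lib/wwwrun/.razor 5.97054
Sep 07 15:49:56.889833 check[27286]: [ 5] Connecting to pride.cloudmark.com ... 8E-05
Sep 07 15:50:02.229253 check[27286]: [ 8] Connection established 8E-05
debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 0.15786
debug: DCC: got response: X-DCC-SdV-Metrics: sam 1179; Body=15466 Fuz1=569708 Fuz2=570363 0.14371
debug: RBL: success for 0 of 1 queries 13.13129
debug: RBL: timeout for rfci-dsn after 20 seconds 0.00019
debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME 0.02579
Finish - Total Time 21.20114
"""

# Each step line ends with a number (plain, or exponent form such as 8E-05).
STEP_RE = re.compile(r"^(?P<text>.*\S)\s+(?P<secs>\d+(?:\.\d+)?(?:[eE][-+]?\d+)?)$")
TOTAL_RE = re.compile(r"^Finish - Total Time\s+(?P<secs>\d+(?:\.\d+)?)$")
TIMEOUT_RE = re.compile(r"RBL: timeout for (?P<set>\S+) after (?P<limit>\d+) seconds")

# Hypothetical grouping for this example; the first matching pattern wins.
COMPONENTS = [
    ("rbl", re.compile(r"\bRBL:")),
    ("razor", re.compile(r"Razor|check\[\d+\]:")),
    ("pyzor", re.compile(r"pyzor", re.IGNORECASE)),
    ("dcc", re.compile(r"\bDCC")),
]


def classify(text):
    """Map one log message to the network check that produced it."""
    for name, pattern in COMPONENTS:
        if pattern.search(text):
            return name
    return "other"


def parse_lint(output):
    """Return ([(seconds, component, message), ...], reported_total_or_None)."""
    steps, total = [], None
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TOTAL_RE.match(line)
        if m:
            total = float(m.group("secs"))
            continue
        m = STEP_RE.match(line)
        if m:
            text = m.group("text")
            steps.append((float(m.group("secs")), classify(text), text))
    return steps, total


def seconds_by_component(steps):
    """Sum the elapsed seconds attributed to each component."""
    totals = defaultdict(float)
    for secs, component, _ in steps:
        totals[component] += secs
    return dict(totals)


def rbl_timeouts(steps):
    """List (rbl_set_name, limit_seconds) for every RBL query that timed out."""
    found = []
    for _, _, text in steps:
        m = TIMEOUT_RE.search(text)
        if m:
            found.append((m.group("set"), int(m.group("limit"))))
    return found


def report(output, top=3):
    """Build a short text summary: per-component time, slowest lines, timeouts."""
    steps, total = parse_lint(output)
    lines = []
    by_component = seconds_by_component(steps)
    for name, secs in sorted(by_component.items(), key=lambda kv: -kv[1]):
        lines.append(f"{name:6s} {secs:9.5f} s")
    for secs, _, text in sorted(steps, reverse=True)[:top]:
        lines.append(f"slow: {secs:9.5f} s before '{text[:60]}'")
    for name, limit in rbl_timeouts(steps):
        lines.append(f"RBL set '{name}' hit its {limit} s limit")
    if total is not None:
        lines.append(f"reported total {total:.5f} s")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Saving the full lint output to a file and passing its contents to `report()` gives the same breakdown for the whole run; the RBL set name it prints is the string to search for in the rule files.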
From martinh at SOLID-STATE-LOGIC.COM Tue Sep 7 16:12:19 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:49 2006
Subject: SPAM Report - Timed out
Message-ID:

Mark

had a couple this morning around 10.30 (BST)

normally relates to RBL's timing out for me..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Mark Pottage wrote:
> Has anyone any ideas on the below?
>
> Spam Report Timed Out.
>
> Systems are running:
>
> SendMail version: ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6
> ClamAV version: 0.75
> BitDefender version: 7.0 build 2492
> SpamAssassin version: 2.63
>
>
> Size: 3.3Kb
> Virus: N
> Blocked File: N
> Other Infection: N
> Report:
> Spam: N Action(s): deliver
> High Scoring Spam: N
> Listed in RBL: N
> Whitelisted: N
> Blacklisted: N
> SpamAssassin Spam: N
> SpamAssassin Autolearn: N
> SpamAssassin Score: 0.00
> Spam Report: timed out
> Archive:

From mailscanner at ecs.soton.ac.uk Tue Sep 7 16:33:28 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

Please could a few people test this for me?

It's a new release of the MIME-tools and is available at
http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz

Note that you must upgrade to MIME::Base64 version 3.01 or newer, before
you attempt to install this new version of MIME-tools.

Please can you let me know of any problems.

If everything works, this will be shipped as part of the next release, and
will be a compulsory upgrade as I will remove the work-arounds that I have
added into MailScanner, to handle the bugs in the previous 5.411 version.

Thanks folks!
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Steve.Swaney at FSL.COM Tue Sep 7 16:46:59 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:49 2006
Subject: SPAM Report - Timed out
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Tuesday, September 07, 2004 11:12 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SPAM Report - Timed out
>
> Mark
>
> had a couple this morning around 10.30 (BST)
>
> normally relates to RBL's timing out for me..
>
>

I'm working with Mark on this problem and it appears that there were three problems - which always makes it a bit difficult to solve.

1. As Julian suggested there was a ruleset which contained the line:

To: no

2. Running The MailWatch SpamAssassin lint test showed that

debug: RBL: success for 0 of 1 queries 13.12644
debug: RBL: timeout for rfci-dsn after 20 seconds 0.00019

So find the rule that's timing out:

# cd /usr/share/spamassassin
# grep -i rfci-dsn *
20_dnsbl_tests.cf:header DNS_FROM_RFCI_DSN eval:check_rbl_from_host('rfci-dsn', 'dsn.rfc-ignorant.org.')

vi /etc/MailScanner/spam.assassin.prefs.conf to add the line:

score DNS_FROM_RFCI_DSN 0.0

And reload MailScanner and:

time spamassassin -D \
-p /etc/MailScanner/spam.assassin.prefs.conf --lint

Dropped from around 20 seconds to about 8 seconds.

3. It also looked like razor was running a bit slow so we turned off razor checks and time to run spamassassin --lint tests dropped to around 2 seconds.

Is anyone else seeing these same or similar problems?

Thanks,

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Mark Pottage wrote:
> > Has anyone any ideas on the below?
> >
> > Spam Report Timed Out.
> >
> > Systems are running:
> >
> > SendMail version: ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6
> > ClamAV version: 0.75
> > BitDefender version: 7.0 build 2492
> > SpamAssassin version: 2.63
> >
> >
> > Size: 3.3Kb
> > Virus: N
> > Blocked File: N
> > Other Infection: N
> > Report:
> > Spam: N Action(s): deliver
> > High Scoring Spam: N
> > Listed in RBL: N
> > Whitelisted: N
> > Blacklisted: N
> > SpamAssassin Spam: N
> > SpamAssassin Autolearn: N
> > SpamAssassin Score: 0.00
> > Spam Report: timed out
> > Archive:
> > **********************************************************************

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

From Christo at IT4AFRICA.CO.ZA Tue Sep 7 17:00:36 2004
From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate {Virus Scanned}
Message-ID:

I installed and upgraded MIME::Base64 from CPAN. MailScanner complained about MIME::Decoder must be a newer version. I installed from CPAN and all is OK.

Running FC1 latest sendmail and latest MS

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Tuesday, September 07, 2004 5:33 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MIME-tools 5.412 Release Candidate {Virus Scanned}
>
> Please could a few people test this for me?
>
> It's a new release of the MIME-tools and is available at
> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>
> Note that you must upgrade to MIME::Base64 version 3.01 or
> newer, before you attempt to install this new version of MIME-tools.
>
> Please can you let me know of any problems.
>
> If everything works, this will be shipped as part of the next
> release, and will be a compulsory upgrade as I will remove
> the work-arounds that I have added into MailScanner, to
> handle the bugs in the previous 5.411 version.
>
> Thanks folks!
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.
>

From ugob at CAMO-ROUTE.COM Tue Sep 7 17:01:26 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

Julian Field wrote:
> Please could a few people test this for me?
>
> It's a new release of the MIME-tools and is available at
> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>
> Note that you must upgrade to MIME::Base64 version 3.01 or newer, before
> you attempt to install this new version of MIME-tools.
>
> Please can you let me know of any problems.
>
> If everything works, this will be shipped as part of the next release, and
> will be a compulsory upgrade as I will remove the work-arounds that I have
> added into MailScanner, to handle the bugs in the previous 5.411 version.

I had some problems at the install, but now it looks ok. I upgraded MIME::Base64 and then installed MIME-tools from the package and I got that:

Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: FATAL: Newer MIME-tools module needed: 1.3
is only MIME::Words -- 5.404 required at /usr/sbin/MailScanner line 839
[ OK ]
[root@mta1 MIME-tools-5.412-RC1]# MailScanner -v
This is Perl version 5.008003
This is MailScanner version 4.32.4
Module versions are:
1.00 AnyDBM_File
1.12 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.72 File::Basename
2.07 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
1.27 HTML::Entities
3.35 HTML::Parser
2.28 HTML::TokeParser
1.21 IO
1.10 IO::File
1.122 IO::Pipe
1.3 MIME::Decoder
1.1 MIME::Decoder::UU
1.3 MIME::Head
1.6 MIME::Parser
5.412 MIME::Tools
0.10 Net::CIDR
1.07 POSIX
1.76 Socket
0.04 Sys::Syslog
1.02 Time::localtime

Then, I upgraded MIME::Words from CPAN, but I had to force it, and now it seems to be working.

From Steve.Swaney at FSL.COM Tue Sep 7 17:19:52 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

No problems on two systems.

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: Tuesday, September 07, 2004 11:33 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MIME-tools 5.412 Release Candidate
>
> Please could a few people test this for me?
>
> It's a new release of the MIME-tools and is available at
> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>
> Note that you must upgrade to MIME::Base64 version 3.01 or newer, before
> you attempt to install this new version of MIME-tools.
>
> Please can you let me know of any problems.
>
> If everything works, this will be shipped as part of the next release, and
> will be a compulsory upgrade as I will remove the work-arounds that I have
> added into MailScanner, to handle the bugs in the previous 5.411 version.
>
> Thanks folks!
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

From rabellino at DI.UNITO.IT Tue Sep 7 17:36:34 2004
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

Julian Field wrote:
> Please could a few people test this for me?
>
> It's a new release of the MIME-tools and is available at
> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>
> Note that you must upgrade to MIME::Base64 version 3.01 or newer, before
> you attempt to install this new version of MIME-tools.
>
> Please can you let me know of any problems.
>
> If everything works, this will be shipped as part of the next release, and
> will be a compulsory upgrade as I will remove the work-arounds that I have
> added into MailScanner, to handle the bugs in the previous 5.411 version.
>
> Thanks folks!
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

The installation of MIME-tools was straight, but then MailScanner won't start complaining about incorrect versions in the MIME-tools. I've changed (after 7 tries...) all the new module version presented by MailScanner in the error log. Now all is running fine (it seems...)

Changes in MailScanner startup file:

my %mime_required = (
    Parser  => "1.6",
    Entity  => "1.3",
    Tools   => "5.410",
    Words   => "1.3",
    Head    => "1.3",
    Decoder => "1.3",
    Body    => "1.2",
);

Bye.

--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
From mynamewasgone at gmail.com Tue Sep 7 17:39:03 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

On Tue, 7 Sep 2004 12:01:26 -0400, Ugo Bellavance wrote:
> I had some problems at the install, but now it looks ok. I upgraded
> MIME::Base64 and then installed MIME-tools from the package and I got that:
>
> Shutting down MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
> Starting MailScanner daemons:
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
> MailScanner: FATAL: Newer MIME-tools module needed: 1.3
> is only MIME::Words -- 5.404 required at /usr/sbin/MailScanner line 839
> [ OK ]

Exactly the same problem here, with RedHat 9

> Then, I upgraded MIME::Words from CPAN, but I had to force it, and now
> it seems to be working.

Had to do the same here, as tests failed.

From prandal at HEREFORDSHIRE.GOV.UK Tue Sep 7 17:40:12 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

MailScanner mailing list wrote:
> Julian Field wrote:
>
>> Please could a few people test this for me?
>>
>> It's a new release of the MIME-tools and is available at
>> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>>
>> Note that you must upgrade to MIME::Base64 version 3.01 or newer,
>> before you attempt to install this new version of MIME-tools.
>>
>> Please can you let me know of any problems.
>>
>> If everything works, this will be shipped as part of the next
>> release, and will be a compulsory upgrade as I will remove the
>> work-arounds that I have added into MailScanner, to handle the bugs
>> in the previous 5.411 version.
>
> I had some problems at the install, but now it looks ok. I upgraded
> MIME::Base64 and then installed MIME-tools from the package
> and I got that:
>
> Shutting down MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
> Starting MailScanner daemons: incoming sendmail:
> [ OK ] outgoing sendmail:
> [ OK ] MailScanner: FATAL: Newer MIME-tools module
> needed: 1.3
> is only MIME::Words -- 5.404 required at
> /usr/sbin/MailScanner line 839
> [ OK ]
> [root@mta1 MIME-tools-5.412-RC1]# MailScanner -v This is Perl
> version 5.008003 This is MailScanner version 4.32.4 Module
> versions are:
> 1.00 AnyDBM_File
> 1.12 Archive::Zip
> 1.01 Carp
> 1.119 Convert::BinHex
> 1.00 DirHandle
> 1.05 Fcntl
> 2.72 File::Basename
> 2.07 File::Copy
> 2.01 FileHandle
> 1.06 File::Path
> 0.14 File::Temp
> 1.27 HTML::Entities
> 3.35 HTML::Parser
> 2.28 HTML::TokeParser
> 1.21 IO
> 1.10 IO::File
> 1.122 IO::Pipe
> 1.3 MIME::Decoder
> 1.1 MIME::Decoder::UU
> 1.3 MIME::Head
> 1.6 MIME::Parser
> 5.412 MIME::Tools
> 0.10 Net::CIDR
> 1.07 POSIX
> 1.76 Socket
> 0.04 Sys::Syslog
> 1.02 Time::localtime
>
> Then, I upgraded MIME::Words from CPAN, but I had to force
> it, and now it seems to be working.

Same problem and workaround here on Fedora Core 1.

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
From rabellino at DI.UNITO.IT Tue Sep 7 17:45:03 2004
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

Randal, Phil wrote:
> MailScanner mailing list wrote:
>
>>Julian Field wrote:
>>
>>
>>>Please could a few people test this for me?
>>>
>>>It's a new release of the MIME-tools and is available at
>>>http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>>>
>>>Note that you must upgrade to MIME::Base64 version 3.01 or newer,
>>>before you attempt to install this new version of MIME-tools.
>>>
>>>Please can you let me know of any problems.
>>>
>>>If everything works, this will be shipped as part of the next
>>>release, and will be a compulsory upgrade as I will remove the
>>>work-arounds that I have added into MailScanner, to handle the bugs
>>>in the previous 5.411 version.
>>
>>I had some problems at the install, but now it looks ok. I upgraded
>>MIME::Base64 and then installed MIME-tools from the package
>>and I got that:
>>
>>Shutting down MailScanner daemons:
>> MailScanner: [ OK ]
>> incoming sendmail: [ OK ]
>> outgoing sendmail: [ OK ]
>> Starting MailScanner daemons: incoming sendmail:
>> [ OK ] outgoing sendmail:
>> [ OK ] MailScanner: FATAL: Newer MIME-tools module
>>needed: 1.3
>> is only MIME::Words -- 5.404 required at
>>/usr/sbin/MailScanner line 839
>> [ OK ]
>>[root@mta1 MIME-tools-5.412-RC1]# MailScanner -v This is Perl
>>version 5.008003 This is MailScanner version 4.32.4 Module
>>versions are:
>>1.00 AnyDBM_File
>>1.12 Archive::Zip
>>1.01 Carp
>>1.119 Convert::BinHex
>>1.00 DirHandle
>>1.05 Fcntl
>>2.72 File::Basename
>>2.07 File::Copy
>>2.01 FileHandle
>>1.06 File::Path
>>0.14 File::Temp
>>1.27 HTML::Entities
>>3.35 HTML::Parser
>>2.28 HTML::TokeParser
>>1.21 IO
>>1.10 IO::File
>>1.122 IO::Pipe
>>1.3 MIME::Decoder
>>1.1 MIME::Decoder::UU
>>1.3 MIME::Head
>>1.6 MIME::Parser
>>5.412 MIME::Tools
>>0.10 Net::CIDR
>>1.07 POSIX
>>1.76 Socket
>>0.04 Sys::Syslog
>>1.02 Time::localtime
>>
>>Then, I upgraded MIME::Words from CPAN, but I had to force
>>it, and now it seems to be working.
>
>
> Same problem and workaround here on Fedora Core 1.
>
> Phil

But doing the install MIME::Words from cpan, you got a reinstallation of MIME-tools 5.411, so a jump back in the release of all the package... or I'm wrong ?

Ps. I'm using MS 4.32.5 on solaris 9 sparc.
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From prandal at HEREFORDSHIRE.GOV.UK Tue Sep 7 17:49:14 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:49 2006
Subject: MIME-tools 5.412 Release Candidate
Message-ID:

> But doing the install MIME::Words from cpan, you got a
> reinstallation of MIME-tools 5.411, so a jump back in the
> release of all the package... or I'm wrong ?
>
> Ps. I'm using MS 4.32.5 on solaris 9 sparc.
> --
> Dott. Sergio Rabellino

Yes, but at least it is working. Good catch...

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
From mailscanner at ecs.soton.ac.uk Tue Sep 7 17:55:46 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:49 2006 Subject: MIME-tools 5.412 Release Candidate Message-ID: At 17:49 07/09/2004, you wrote: > > But doing the install MIME::Words from cpan, you got a > > reinstallation of MIME-tools 5.411, so a jump back in the > > release of all the package... or I'm wrong ? > > > > Ps. I'm using MS 4.32.5 on solaris 9 sparc. > > -- > > Dott. Sergio Rabellino > >Yes, but at least it is working. Good catch... In which case you must reinstall the patched version of MIME-tools so that you get all the security patches. Vanilla 5.411 is dangerous. Thanks for trying guys. I have found a major bug in it myself, and punted it all back to the maintainer. Hopefully rc2 will be better. I have also made a change to /usr/sbin/MailScanner to remove most of the version number checks as they fail with this new version. When I point you to rc2, I will also give you a patch for MailScanner so that the version number checks work. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From raymond at PROLOCATION.NET Tue Sep 7 17:58:52 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:26:49 2006 Subject: MIME-tools 5.412 Release Candidate Message-ID: Hi! 
>> It's a new release of the MIME-tools and is available at
>> http://www.mimedefang.org/static/MIME-tools-5.412-RC1.tar.gz
>>
>> Note that you must upgrade to MIME::Base64 version 3.01 or newer, before
>> you attempt to install this new version of MIME-tools.

It broke an install on my FC1 machine, had to install several updates of perl modules to get things going again...

Bye,
Raymond.

From housey at TALK21.COM Tue Sep 7 19:34:40 2004
From: housey at TALK21.COM (Paul Houselander)
Date: Thu Jan 12 21:26:49 2006
Subject: dbf file corruption?
Message-ID:

Hi

I'm hoping someone can give a few pointers as to what may be going wrong here.

I have a customer who uses an application called freight force, this application generates a dbf file that gets sent via email to a user who imports it into an accounting application (I think Sage).

This works fine unless it passes through MailScanner.

Both the users have local accounts on my mail server, if they send/receive this file (using Outlook) something becomes corrupted, when they do the import into Sage the data is not readable.

If the user sends the file from his hotmail account to the local account, it's ok? even though it passes through MailScanner.

If the user sends the file from his local account to a hotmail account, again the file is ok? again even though it passes through MailScanner.

So in summary if the users both use their local accounts, the dbf file gets scanned by MailScanner but when delivered it becomes unreadable.

I can recreate at will, and can give a copy (off-list) of the dbf file to anyone interested.

I compared a scanned and unscanned version of the file using UltraEdit 32, and the hex values of the files are different.

It's causing me a real headache and any guidance would be appreciated.

Thanks

Paul Houselander

From idan at SECURENET.CO.IL Tue Sep 7 20:26:39 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:49 2006
Subject: BAYES_99 5.40 - and I didn't configure MailScanner to work with BAYES
Message-ID:

Hello,

I have a strange phenomenon, just email that comes from a web based mail server like hotmail, yahoo etc… gets the score BAYES_99 5.40

Even if they are not spam and don’t contain anything special.

I am using mailscanner-4.32.5-1 and spamassassin-2.64 without using BAYES, Razor, DCC or Pyzor.

Anybody?

Thanks a lot.




From ugob at CAMO-ROUTE.COM Tue Sep 7 20:37:37 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: BAYES_99 5.40 - and I didn't configure MailScanner to work with BAYES
Message-ID:

Idan Plotnik wrote:
> Hello,
>
> I have a strange phenomenon, just email that comes from a web based mail
> server like hotmail, yahoo etc… gets the score BAYES_99 5.40
>
> Even if they are not spam and don't contain anything special.
>
> I am using mailscanner-4.32.5-1 and spamassassin-2.64 without using
> BAYES, Razor, DCC or Pyzor.

How and where did you disable bayes?

>
> Anybody?
>
> Thanks a lot.

From martelm at QUARK.VSC.EDU Tue Sep 7 20:53:37 2004
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:26:49 2006
Subject: Using Rules to sign Clean Messages
Message-ID:

hello!

I'm trying to implement the Sign Clean Messages as a Ruleset in the latest release of MailScanner (See below for versions).

In my MailScanner.conf file I've got this.

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
#Sign Clean Messages = yes
Sign Clean Messages = /opt/VSC-MailScanner/rules/signing.rules

My signing.rules looks like this :

From: *@hemlock.vsc.edu yes
FromOrTo: default no

Which I _thought_ that my reading of the examples would sign clean messages from my server, but not sign any other clean messages.

I'm sure it's something stupid that I'm missing.

Thanks for any help!

[root@hemlock rules]# /opt/MailScanner/bin/MailScanner -v
Running on
Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown
This is Red Hat Linux release 7.3 (Valhalla)
This is Perl version 5.008005 (5.8.5)
This is MailScanner version 4.33.3
Module versions are:
1.00 AnyDBM_File
1.13 Archive::Zip
1.03 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.73 File::Basename
2.08 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
1.27 HTML::Entities
3.36 HTML::Parser
2.28 HTML::TokeParser
1.21 IO
1.10 IO::File
1.123 IO::Pipe
2.20 MIME::Base64
5.403 MIME::Decoder
5.403 MIME::Decoder::UU
5.403 MIME::Head
5.406 MIME::Parser
5.411 MIME::Tools
0.09 Net::CIDR
1.08 POSIX
1.77 Socket
0.05 Sys::Syslog
1.02 Time::localtime
Optional module versions are:
2.64 Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV
0.48 Net::DNS

Michael

--
--------------------------------o---------------------------------
Michael H. Martel | Systems Administrator
martelm@quark.vsc.edu | Vermont State Colleges
http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363

From mailscanner at ecs.soton.ac.uk Tue Sep 7 21:07:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: Using Rules to sign Clean Messages
Message-ID:

At 20:53 07/09/2004, you wrote:
>hello!
>
>I'm trying to implement the Sign Clean Messages as a Ruleset in the latest
>release of MailScanner (See below for versions).
>
>In my MailScanner.conf file I've got this.
>
># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
># of uninfected messages?
># This can also be the filename of a ruleset.
>#Sign Clean Messages = yes
>Sign Clean Messages = /opt/VSC-MailScanner/rules/signing.rules
>
>My signing.rules looks like this :
>
>From: *@hemlock.vsc.edu yes
>FromOrTo: default no
>
>Which I _thought_ that my reading of the examples would sign clean messages
>from my server, but not sign any other clean messages.

Try adding the Envelope From header (it's in MailScanner.conf) to check that the envelope sender is actually what you think it is. Remember it's the envelope address that matters, not the "From:" in the headers of the message.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martelm at QUARK.VSC.EDU Tue Sep 7 21:13:07 2004
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:26:49 2006
Subject: Using Rules to sign Clean Messages
Message-ID:

--On Tuesday, September 7, 2004 9:07 PM +0100 Julian Field wrote:

> Try adding the Envelope From header (it's in MailScanner.conf) to check
> that the envelope sender is actually what you think it is. Remember it's
> the envelope address that matters, not the "From:" in the headers of the
> message.

That is set, but dummy me configured my Mail Client to send as michael.martel@vsc.edu instead of user@hemlock.vsc.edu . Now it works fine.

Is it more correct to use the rule like this :

From: *@hemlock.vsc.edu yes
From: default no

As opposed to FromOrTo: since I don't care whom it's to ?

Thanks for your help, I knew it was something I was doing wrong!

Michael

--
--------------------------------o---------------------------------
Michael H. Martel | Systems Administrator
martelm@quark.vsc.edu | Vermont State Colleges
http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363

From mailscanner at ecs.soton.ac.uk Tue Sep 7 21:22:31 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: Using Rules to sign Clean Messages
Message-ID:

At 21:13 07/09/2004, you wrote:
>That is set, but dummy me configured my Mail Client to send as
>michael.martel@vsc.edu instead of user@hemlock.vsc.edu . Now it works fine.
>
>Is it more correct to use the rule like this :
>
>From: *@hemlock.vsc.edu yes
>From: default no
>
>As opposed to FromOrTo: since I don't care whom it's to ?

Better to specify the default as FromOrTo: or else you aren't explicitly setting the default for all possible cases.
It doesn't make any difference really, but it's better to put it in.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jrudd at UCSC.EDU Wed Sep 8 00:01:32 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:49 2006
Subject: MajorSophos
Message-ID:

(not sure if the author wants this sent to the mailscanner list, or to him directly, sorry if this was the wrong choice)

MajorSophos uses mktemp for the TMPDIR initialization, but mktemp isn't very portable (at least not to Solaris 8). Here's what I did:

around line 99-101, I changed:

 TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`

to:

 TMPDIR="/tmp/$BASE.$$"
 mkdir -m 700 $TMPDIR

($$ is "unique enough", considering the directory is short-lived, and process numbers are unique)

Also, for the opening variables, it might be nice to have standard alternate variables in comments. Like this (though, for your std. distribution, you might want to reverse which ones I have commented vs uncommented):

# Program to run to install Sophos after downloading it.
# This is the script provided with MailScanner,
# not the script provided with Sophos.
#INSTALL=/usr/sbin/Sophos.install
INSTALL=/opt/MailScanner/bin/Sophos.install

# --------Sophos version reporting--------------------------------
# Set the location of the MailScanner wrapper for Sophos sweep.
# This is only used to report the Sophos version. If it is wrong,
# it won't prevent the successful download or installation.
#WRAP=/usr/lib/MailScanner/sophos-wrapper
WRAP=/opt/MailScanner/lib/sophos-wrapper

# Set the directory name where Sophos is installed. This is only
# used for version reporting, it doesn't affect where the new
# version will be installed.
#SOPHOSDIR=/usr/local/Sophos
SOPHOSDIR=/opt/sophos

Otherwise, great script! Thank you!

From mbullock at TROIKANETWORKS.COM Wed Sep 8 01:39:36 2004
From: mbullock at TROIKANETWORKS.COM (Matt Bullock)
Date: Thu Jan 12 21:26:49 2006
Subject: Forwarded mail lets spam through
Message-ID:

I have an email address that is forwarded from another server to an email account that I host, and mail coming from this particular server never triggers the spam filter. Is there a way to have mailscanner drop a known server from the headers to allow the spam filter to work more accurately?

Regards,

Matt Bullock
Network Administrator
Troika Networks, Inc.
805.367.2728

From listas at VIRUSATTACK.COM.AR Wed Sep 8 05:21:52 2004
From: listas at VIRUSATTACK.COM.AR (Ignacio M. Sbampato)
Date: Thu Jan 12 21:26:49 2006
Subject: MailScanner 4.33.3-1 & NOD32 2.04-1
Message-ID:

Guys,

I'm having some troubles with latest version of NOD32 & MailScanner (fresh install).

MailScanner is running and processing emails (according to logs and emails headers) and it's running NOD32 (according to nod32.log - I modified nod32-wrapper to write in the log with param --log) but the viruses aren't detected (subject isn't being modified with {VIRUS?} text) or deleted from messages.

I'm using NOD32 2.04-1 (latest), so I configured MailScanner.conf to use nod32-1.99 as Virus Scanner. Virus Scanning is turned on.

I noted some differences between current nod32.log and the one that was generated by previous versions of NOD32 (like the first 1.99). Now, NOD32 is generating log file as following:

--------> cut <---------
Signatures database module, version 1.864 (20040907).
Archives support module, version 1.019 (20040823).
Advanced heuristics module, version 1.010 (20040902).
Command line: --log --arch --all
Scanning started on 09-08-2004, 06:09:29
object="file", name="/var/spool/MailScanner/incoming/2699/BB75C1B819A/your_letter.pif", virus="Win32/Netsky.D worm", action="", info="", lines=0
Scanning finished at 06:09:29, total time: 0 sec (0:00:00)
Total files: 3
Infected files: 1
Cleaned files: 0
--------> cut <---------

Could this be the problem?

According to 'man nod32' command, the return codes of NOD32 on-demand scanner (/usr/sbin/nod32) are the following:

--------> cut <---------
0 - Everything ok, no viruses found.
1 - All viruses were cleaned.
10 - At least one virus was found.
100 - Internal error occurred, no scanning performed.
101 - Error occurred during archives unpacking, no scanning performed.
--------> cut <---------

Are those the return codes expected by MailScanner?

The following is some information extracted from 'maillog' related to previous message NOD32 scanning result:

--------> cut <---------
Sep 8 06:09:28 melkart MailScanner[2699]: New Batch: Scanning 1 messages, 26347 bytes
Sep 8 06:09:29 melkart MailScanner[2699]: Virus and Content Scanning: Starting
Sep 8 06:09:29 melkart postfix/smtpd[4111]: connect from unknown[192.168.0.18]
Sep 8 06:09:29 melkart MailScanner[2699]: Requeue: BB75C1B819A to D5A311B819D
Sep 8 06:09:29 melkart postfix/qmgr[2648]: D5A311B819D: from=, size=25914, nrcpt=4 (queue active)
Sep 8 06:09:29 melkart MailScanner[2699]: Uninfected: Delivered 1 messages
Sep 8 06:09:29 melkart postfix/smtpd[4111]: 6C3411B819A: client=unknown[192.168.0.18]
Sep 8 06:09:29 melkart postfix/local[4123]: D5A311B819D: to=, relay=local, delay=1, status=sent (delivered to command: /usr/local/bin/maildrop)
--------> cut <---------

If anyone can help, it'll be great =)

Regards,
Ignacio

From carinus.carelse at MRC.AC.ZA Wed Sep 8 06:12:00 2004
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:26:49 2006
Subject: DB_File Error
Message-ID:

Hi,

I am getting the error message below I wonder if anyone can help me.

debug: bayes: 23364 tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
Use of uninitialized value in numeric gt (>) at /usr/local/lib/perl5/5.8.3/sun4-solaris/DB_File.pm line 271.
Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/local/lib/perl5/5.8.3/sun4-solaris/DB_File.pm line 234.

Carinus

From idan at SECURENET.CO.IL Wed Sep 8 07:16:24 2004
From: idan at SECURENET.CO.IL (Idan Plotnik)
Date: Thu Jan 12 21:26:49 2006
Subject: BAYES_99 5.40 - and I didn't configure MailScanner to work with BAYES
Message-ID:

The BAYES is not configured in the local.cf file.

Thanks

-----Original Message-----
From: Ugo Bellavance [mailto:ugob@CAMO-ROUTE.COM]
Sent: Tuesday, September 07, 2004 9:38 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: BAYES_99 5.40 - and I didn't configure MailScanner to work with BAYES

Idan Plotnik wrote:
> Hello,
>
> I have a strange phenomenon, just email that comes from a web based mail
> server like hotmail, yahoo etc... gets the score BAYES_99 5.40
>
> Even if they are not spam and don't contain anything special.
>
> I am using mailscanner-4.32.5-1 and spamassassin-2.64 without using
> BAYES, Razor, DCC or Pyzor.

How and where did you disable bayes?

>
> Anybody?
>
> Thanks a lot.

From mynamewasgone at gmail.com Wed Sep 8 07:50:08 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:49 2006
Subject: BAYES_99 5.40 - and I didn't configure MailScanner to work with BAYES
Message-ID:

On Wed, 8 Sep 2004 09:16:24 +0300, Idan Plotnik wrote:
> The BAYES is not configured in the local.cf file.

That's great, why are you unable to
a) read the instructions that come with MailScanner?
b) search the archives?

a) reading the instructions would tell you this:

In MailScanner.conf around line 1235, there's these 4 lines:

# Set the location of the SpamAssassin user_prefs file. If you want to
# stop SpamAssassin doing all the RBL checks again, then you can add
# "skip_rbl_checks = 1" to this prefs file.
SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf

in spam.assassin.prefs.conf on about line 141:

# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0

b) searching the archive for disable bayes would have returned this email on the first page of results:

http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0308&L=mailscanner&P=R55835&I=-1

Stop being so lazy.

From mailscanner at BARENDSE.TO Wed Sep 8 07:52:29 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:49 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Given all the dependency errors I think I am going to try and install the tarball version.

Is there any way of verifying that the packages from tarball did / did not install correctly?
Perl+CPAN still seems like a form of black magic to me

Thanks!

On Tue, 7 Sep 2004, Julian Field wrote:

> At 23:12 06/09/2004, you wrote:
>> OK, I'll include some more errors:
>
> Boy, you sure got a lot of errors. I think you are going to have to install
> by hand. If you try to install Mail-SPF-Query and Mail-SpamAssassin, how many
> failed dependencies do you get? Not many, I suspect.
>
> Mail-SPF-Query is optional for SpamAssassin, but it won't do SPF checks
> without it.

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 8 09:35:16 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:49 2006
Subject: Using Rules to sign Clean Messages
Message-ID:

Michael

I use the 'From:' rule being an ip-address range. in my case it's

From: 10.1.1 yes
FromOrTo: default no

stops spam with 'from' etc being faked...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Michael H. Martel wrote:
> hello!
>
> I'm trying to implement the Sign Clean Messages as a Ruleset in the latest
> release of MailScanner (See below for versions).
>
> In my MailScanner.conf file I've got this.
>
> # Add the "Inline HTML Signature" or "Inline Text Signature" to the end
> # of uninfected messages?
> # This can also be the filename of a ruleset.
> #Sign Clean Messages = yes
> Sign Clean Messages = /opt/VSC-MailScanner/rules/signing.rules
>
> My signing.rules looks like this :
>
> From: *@hemlock.vsc.edu yes
> FromOrTo: default no
>
> Which I _thought_ that my reading of the examples would sign clean messages
> from my server, but not sign any other clean messages.
>
> I'm sure it's something stupid that I'm missing.
>
> Thanks for any help!
>
>
> [root@hemlock rules]# /opt/MailScanner/bin/MailScanner -v
> Running on
> Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003
> i686 unknown
> This is Red Hat Linux release 7.3 (Valhalla)
> This is Perl version 5.008005 (5.8.5)
> This is MailScanner version 4.33.3
> Module versions are:
> 1.00 AnyDBM_File
> 1.13 Archive::Zip
> 1.03 Carp
> 1.119 Convert::BinHex
> 1.00 DirHandle
> 1.05 Fcntl
> 2.73 File::Basename
> 2.08 File::Copy
> 2.01 FileHandle
> 1.06 File::Path
> 0.14 File::Temp
> 1.27 HTML::Entities
> 3.36 HTML::Parser
> 2.28 HTML::TokeParser
> 1.21 IO
> 1.10 IO::File
> 1.123 IO::Pipe
> 2.20 MIME::Base64
> 5.403 MIME::Decoder
> 5.403 MIME::Decoder::UU
> 5.403 MIME::Head
> 5.406 MIME::Parser
> 5.411 MIME::Tools
> 0.09 Net::CIDR
> 1.08 POSIX
> 1.77 Socket
> 0.05 Sys::Syslog
> 1.02 Time::localtime
> Optional module versions are:
> 2.64 Mail::SpamAssassin
> missing Net::LDAP
> missing SAVI
> missing Mail::ClamAV
> 0.48 Net::DNS
>
>
> Michael
>
> --
>
> --------------------------------o---------------------------------
> Michael H. Martel | Systems Administrator
> martelm@quark.vsc.edu | Vermont State Colleges
> http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363

From Kevin.Spicer at BMRB.CO.UK Wed Sep 8 09:59:39 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:49 2006
Subject: MajorSophos
Message-ID:

>MajorSophos uses mktemp for the TMPDIR initialization, but mktemp isn't
>very portable (at least not to Solaris 8). Here's what I did:
>around line 99-101, I changed:
> TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`
>to:
> TMPDIR="/tmp/$BASE.$$"
> mkdir -m 700 $TMPDIR
>($$ is "unique enough", considering the directory is short-lived, and
>process numbers are unique)

Process numbers may be unique but they are predictable, therefore should not be used for creating temporary files and directories. Perhaps a better solution may be...

TMPDIR=`perl -e "use File::Temp tempdir; print (tempdir( 'BASE.XXXXXX', TMPDIR => 1))"`

(excuse the wrapping of the line)

File::Temp is a standard perl module so this should work on any system with perl - which is kinda necessary for MailScanner ;)

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
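
The temporary-directory point raised in this thread, as an added example that is not part of any post and is not MajorSophos code: `mkdir` refuses a name that already exists, so a predictable `$BASE.$$` name is only safe if the script checks that `mkdir` succeeded before using the directory. `BASE=MajorSophos.sh` and the three function names are assumptions made for illustration, and a POSIX `sh` is assumed.

```shell
# Added example; not code from MajorSophos or from any post in this thread.
# BASE stands in for the script's own $BASE; the function names are hypothetical.
BASE=MajorSophos.sh

# Form posted in the thread: predictable name, mkdir's exit status ignored.
# $1 = parent directory, $2 = suffix (the posted snippet used $$).
tmpdir_unchecked() {
    dir="$1/$BASE.$2"
    mkdir -m 700 "$dir" 2>/dev/null || true   # a failure here goes unnoticed
    printf '%s\n' "$dir"                      # caller may get a path it did not create
}

# Same name, but mkdir's result is the check: mkdir fails with EEXIST when a
# directory, file or symlink (dangling or not) already has that name, so a
# path prepared in advance by another local user is rejected, not reused.
tmpdir_checked() {
    dir="$1/$BASE.$2"
    mkdir -m 700 "$dir" 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Portable wrapper: use mktemp -d where it exists (random suffix, mode 0700);
# otherwise fall back to checked mkdir, moving to the next name if one is
# taken and giving up after ten attempts.
# $1 = parent directory.
tmpdir_private() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$1/$BASE.XXXXXX"
        return $?
    fi
    n=0
    while [ "$n" -lt 10 ]; do
        if tmpdir_checked "$1" "$$.$n"; then
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}
```

In the script this would replace the TMPDIR assignment with a call to `tmpdir_private /tmp` that aborts when the function returns non-zero.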

From mailscanner at ecs.soton.ac.uk Wed Sep 8 10:13:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: dbf file corruption?
Message-ID:

This may be a quoted-printable encoding problem, due to a bug in Outlook which causes it to break qp-encoded files in a few situations. We are working on a workaround for this, hopefully we will have something ready soon.

The most common case by far is windows-generated pdf files sent from Outlook. It incorrectly qp encodes these files which breaks them as it gets the qp encoding wrong :-(

At 19:34 07/09/2004, you wrote:
>Hi
>
>I'm hoping someone can give a few pointers as to what
>may be going wrong here.
>
>I have a customer who uses an application called
>freight force, this application generates a dbf file
>that gets sent via email to a user who imports it into
>an accounting application (I think Sage).
>
>This works fine unless it passes through MailScanner.
>
>Both the users have local accounts on my mail server,
>if they send/receive this file (using Outlook)
>something becomes corrupted, when they do the import
>into Sage the data is not readable.
>
>If the user sends the file from his hotmail account to
>the local account, it's ok? even though it passes
>through MailScanner.
>
>If the user sends the file from his local account to a
>hotmail account, again the file is ok? again even
>though it passes through MailScanner.
>
>So in summary if the users both use their local
>accounts, the dbf file gets scanned by MailScanner but
>when delivered it becomes unreadable.
>
>I can recreate at will, and can give a copy
>(off-list) of the dbf file to anyone interested.
>
>I compared a scanned and unscanned version of the file
>using UltraEdit 32, and the hex values of the files
>are different.
>
>It's causing me a real headache and any guidance would
>be appreciated.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jrudd at UCSC.EDU Wed Sep 8 10:39:05 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:49 2006
Subject: MajorSophos
Message-ID:

On Sep 8, 2004, at 1:59 AM, Spicer, Kevin wrote:

>> MajorSophos uses mktemp for the TMPDIR initialization, but mktemp
>> isn't
>> very portable (at least not to Solaris 8). Here's what I did:
>> around line 99-101, I changed:
>> TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`
>> to:
>> TMPDIR="/tmp/$BASE.$$"
>> mkdir -m 700 $TMPDIR
>> ($$ is "unique enough", considering the directory is short-lived, and
>> process numbers are unique)
>
> Process numbers may be unique but they are predictable, therefore
> should
> not be used for creating temporary files and directories.
>

Can you please explain the logic there? Unless you're dealing with something where you're worried about someone being able to access the resulting temp file/directory, I don't see why predictable is a bad thing.

For one, MajorSophos tempfiles are also predictable (no matter which method you use), because they're named "/tmp/MajorSophos.sh.*". It just doesn't seem to matter that the * might be a process ID.
Since you're only likely to have one MajorSophos process running at one time, it's not like having the process ID in the tmp file is going to give anything away because it'll be the only MajorSophos in the ps listing (nor is knowing the process ID from ps going to make it easier to find the tmp directory: if MajorSophos hasn't been failing, you'll only have one such directory in /tmp).

For kerberos ticket caches, where the file is both sensitive and will be around for at least 8-10 hours, I can see wanting to avoid predictability ... but for the MajorSophos download directory? Which is short lived, and already highly predictable? I don't see your point. Unique is _all_ you need.

From mail-lists at KARAN.ORG Wed Sep 8 10:42:01 2004
From: mail-lists at KARAN.ORG (Karanbir Singh)
Date: Thu Jan 12 21:26:49 2006
Subject: dbf file corruption?
Message-ID:

hey Paul,

Paul Houselander wrote:
> Both the users have local accounts on my mail server,
> if they send/receive this file (using Outlook)
> something becomes corrupted, when they do the import
> into Sage the data is not readable.

Compress the file before sending it out - seems to resolve this issue.

- Karan

--
Karanbir Singh : http://www.karan.org/
GnuPG Public Key : http://www.karan.org/publickey.asc

From davidj at synaq.com Wed Sep 8 10:45:01 2004
From: davidj at synaq.com (David Jacobson)
Date: Thu Jan 12 21:26:49 2006
Subject: bitdefender seg fault with kernel 2.6.8
Message-ID:

Remove SELinux support and it works...

On Tue, 2004-09-07 at 12:28, David Jacobson wrote:
> Hi,
>
> I've been sending them e-mails back and forth regarding this
> with core dump outputs/strace outputs ... experiencing the
> same problem here. Good to know they're releasing a patch, thanks.
>
> On Tue, 2004-09-07 at 10:43, Alessandro Bianchi wrote:
> > Hi everyone
> >
> > I've been tracking with bitdefender team an issue about seg faults
> > when scanning using bdc.
> >
> > I've discovered that bdc works fine with kernel 2.6.6 but fails with
> > seg fault if using kernel 2.6.8.
> >
> > If you are using bitdefender please keep this in mind and don't upgrade
> > your kernel.
> >
> > The bitdefender team is aware of this now.
> >
> > They have been very professional in support for a free product, and I
> > think they will release a patched version.
> >
> > Hope this may save someone else's time
> >
> > Best regards
> >
> > Alessandro Bianchi
> >
> --
> Regards,
>
> David Jacobson
> Technical Director
> SYNAQ (PTY) LTD
>
> Tel: 011 290 6388
> Cell: 083 235 0760
> Mail: davidj@synaq.com
> WWW: http://www.synaq.com
>
--
Regards,

David Jacobson
Technical Director
SYNAQ (PTY) LTD

Tel: 011 290 6388
Cell: 083 235 0760
Mail: davidj@synaq.com
WWW: http://www.synaq.com

From mail-lists at KARAN.ORG Wed Sep 8 10:45:49 2004
From: mail-lists at KARAN.ORG (Karanbir Singh)
Date: Thu Jan 12 21:26:49 2006
Subject: Forwarded mail lets spam through
Message-ID:

hey Matt,

Matt Bullock wrote:
> I have an email address that is forwarded from another server to an
> email account that I host, and mail coming from this particular server
> never triggers the spam filter. Is there a way to have mailscanner drop

Unless you have a whitelist entry in place preventing this - every email should go through the spam filters.

Run SA with SURBL, will catch most of your spam using the URI in the spam itself.

- Karan

--
Karanbir Singh : http://www.karan.org/
GnuPG Public Key : http://www.karan.org/publickey.asc

From egtswnzxkeec at spammotel.com Wed Sep 8 10:56:49 2004
From: egtswnzxkeec at spammotel.com (No Name)
Date: Thu Jan 12 21:26:49 2006
Subject: dbf file corruption?
Message-ID:

>>This may be a quoted-printable encoding problem, due to a bug in Outlook
>>which causes it to break qp-encoded files in a few situations. We are
>>working on a workaround for this, hopefully we will have something ready soon.
>>The most common case by far is windows-generated pdf files sent from
>>Outlook.
It incorrectly qp encodes these files which breaks them as it gets
>>the qp encoding wrong :-(

Forgive me for jumping in here, but I am quite new to MailScanner and interested in how this could happen.

In the docs it is stated:

"To minimise any chance of message corruption, any messages that are found to be entirely clean and uninfected are moved directly between the two queues; no attempt is made to rebuild them from their constituent MIME entities. A message is only rebuilt from its MIME entities if an infection or dangerous filename was found, causing the replacement of the attachment with a text message."

So how could this happen? If I read this correctly the whole message should have been passed to the output queue untouched?

Sorry if I missed anything obvious here.

Frank

From Kevin.Spicer at BMRB.CO.UK Wed Sep 8 11:03:07 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:49 2006
Subject: MajorSophos
Message-ID:

>>> MajorSophos uses mktemp for the TMPDIR initialization, but mktemp
>>> isn't
>>> very portable (at least not to Solaris 8). Here's what I did:
>>> around line 99-101, I changed:
>>> TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`
>>> to:
>>> TMPDIR="/tmp/$BASE.$$"
>>> mkdir -m 700 $TMPDIR
>>> ($$ is "unique enough", considering the directory is short-lived, and
>>> process numbers are unique)
>>
>> Process numbers may be unique but they are predictable, therefore
>> should
>> not be used for creating temporary files and directories.
>>
> Can you please explain the logic there?

It was really just a general observation that creating predictable tmp dirs is not best practice.
I take your point that it probably doesn't really matter with majorSophos, that only unique is probably okay. The chances of an attacker (with shell access) messing up your Sophos installation by predicting the temp directory name and using that to mess with your sophos installation are minimal (I don't know what majorSophos uses the temp dir for as I don't use it - so I couldn't say what the impact of that might be).

One could argue that as the script only runs once per month you could just create a directory with a static name as two instances of the script are highly unlikely to run at the same time (not that I think that's a good idea) - but the author chose not to do that, he also chose not to use the process ID. My suggestion replicates the original behavior whereas yours (whilst probably adequate) does not.

Regards
Kevin

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From mailscanner at ecs.soton.ac.uk Wed Sep 8 11:57:35 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: dbf file corruption?
Message-ID:

At 10:56 08/09/2004, you wrote:
> >>This may be a quoted-printable encoding problem, due to a bug in Outlook
> >>which causes it to break qp-encoded files in a few situations. We are
> >>working on a workaround for this, hopefully we will have something
> ready soon.
>
> >>The most common case by far is windows-generated pdf files sent from
> >>Outlook. It incorrectly qp encodes these files which breaks them as it gets
> >>the qp encoding wrong :-(
>
>Forgive me for jumping in here, but I am quite new to MailScanner and
>interested in how this could happen.
>
>In the docs it is stated:
>
>"To minimise any chance of message corruption, any messages that are found
>to be entirely
>clean and uninfected are moved directly between the two queues; no attempt
>is made to
>rebuild them from their constituent MIME entities. A message is only
>rebuilt from its MIME
>entities if an infection or dangerous filename was found, causing the
>replacement of the
>attachment with a text message."
>
>So how could this happen?
>If I read this correctly the whole message should have been passed to the
>output queue
>untouched?
>
>Sorry if I missed anything obvious here.

If you sign the message (Sign Clean Messages = yes) then it also has to rebuild the message. Basically any change to the message body will force a rebuild.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
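
An added example, not taken from any message in this archive or from the MajorSophos script: one way to create the scratch directory argued over in the MajorSophos thread above when mktemp may be missing. The function names are hypothetical and a POSIX shell is assumed; what it shows is that mkdir's exit status has to be checked, because mkdir refuses a path that already exists and a script that ignores that goes on to work in a directory it did not create.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; "MajorSophos.sh" is used
# only as a sample prefix, matching the /tmp/MajorSophos.sh.* names quoted
# in the thread.

# make_private_tmpdir PREFIX [PARENT]
# Prints the path of a newly created mode-700 directory under PARENT
# (default /tmp). Returns 1 if no directory could be created.
make_private_tmpdir() {
    prefix=$1
    parent=${2:-/tmp}
    old_umask=$(umask)
    umask 077
    status=1

    # Preferred path: mktemp -d picks an unpredictable name and creates the
    # directory in a single step.
    if command -v mktemp >/dev/null 2>&1 &&
        dir=$(mktemp -d "$parent/$prefix.XXXXXX" 2>/dev/null); then
        status=0
    else
        # Fallback for systems without a usable mktemp. mkdir is atomic and
        # fails if the path already exists (as a directory, a file or a
        # symlink), so the name is only accepted when mkdir succeeds.
        attempt=0
        while [ "$attempt" -lt 10 ]; do
            # Random suffix when /dev/urandom exists; otherwise the attempt
            # counter, which is predictable but still safe because the
            # mkdir status is checked.
            rand=$(od -An -N4 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
            dir="$parent/$prefix.$$.${rand:-$attempt}"
            if mkdir -m 700 "$dir" 2>/dev/null; then
                status=0
                break
            fi
            attempt=$((attempt + 1))
        done
    fi

    umask "$old_umask"
    if [ "$status" -eq 0 ]; then
        printf '%s\n' "$dir"
    fi
    return "$status"
}

# make_pid_tmpdir PREFIX [PARENT]
# The PID-named variant from the thread with the one check it needs: a
# non-zero status from mkdir means the name was already taken by someone
# else, so the caller must stop instead of using that path.
make_pid_tmpdir() {
    dir="${2:-/tmp}/$1.$$"
    mkdir -m 700 "$dir" 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Typical use in a script:
#   TMPDIR=$(make_private_tmpdir "MajorSophos.sh") || exit 1
#   trap 'rm -rf "$TMPDIR"' EXIT
```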
From torontodss at HOTMAIL.COM Wed Sep 8 14:41:54 2004
From: torontodss at HOTMAIL.COM (Steve Cole)
Date: Thu Jan 12 21:26:49 2006
Subject: All mail is Spam
Message-ID:

Alright I'm new at MS, and have tried SA in the past and that worked fine with my setup. I decided to try MS and can't seem to get it going correctly. My setup is that I'm fetchmailing a few ISP POP accounts. Works no problems. The problem now is that MS marks ALL emails as {spam?}.

I'm running Fetchmail/Sendmail/

In advance, thanks for the replies.

Below you will find a bit of info, hopefully give you guys an idea as to the problem. also the blacklist file is blank, except one line:

/etc/MailScanner/rules/spam.blacklist.rules
FromOrTo: default no

-----------------------------------------------------------------
Example email header:

From ugob at CAMO-ROUTE.COM Wed Sep 8 14:50:55 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:49 2006
Subject: Forwarded mail lets spam through
Message-ID:

Matt Bullock wrote:
> I have an email address that is forwarded from another server to an
> email account that I host, and mail coming from this particular server
> never triggers the spam filter. Is there a way to have mailscanner drop
> a known server from the headers to allow the spam filter to work more
> accurately?

What do you use for spam filtering? That won't work if you only use DNSBL. Spamassassin should look at all the headers.

>
> Regards,
>
> Matt Bullock
> Network Administrator
> Troika Networks, Inc.
> 805.367.2728
>
>

From mailscanner at ecs.soton.ac.uk Wed Sep 8 15:04:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:49 2006
Subject: All mail is Spam
Message-ID:

At 14:41 08/09/2004, you wrote:
>Alright I'm new at MS, and have tried SA in the past and that worked fine
>with my setup. I decided to try MS and can't seem to get it going correctly.
>My setup is that I'm fetchmailing a few ISP POP accounts. Works no problems.
>The problem now is that MS marks ALL emails as {spam?}.

What do the spam reports in the header say?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 8 15:04:19 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:49 2006
Subject: All mail is Spam
Message-ID:

Steve

what's the MailScanner.conf file look like ??

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Steve Cole wrote:
> Alright I'm new at MS, and have tried SA in the past and that worked fine
> with my setup. I decided to try MS and can't seem to get it going correctly.
> My setup is that I'm fetchmailing a few ISP POP accounts. Works no problems.
> The problem now is that MS marks ALL emails as {spam?}.
>
> I'm running Fetchmail/Sendmail/
>
> In advance, thanks for the replies.
>
> Below you will find a bit of info, hopefully give you guys an idea as to the
> problem. also the blacklist file is blank, except one line:
>
> /etc/MailScanner/rules/spam.blacklist.rules
> FromOrTo: default no
>
> -----------------------------------------------------------------
> Example email header:
> From - Wed Sep 08 01:24:11 2004
> X-UIDL: 413e96e900000002
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path:
> Received: from localhost (localhost.localdomain [127.0.0.1])
> by gateway.clarkconnect.lan (8.12.8/8.12.8) with ESMTP id i8851vvb009094
> for ; Wed, 8 Sep 2004 01:02:11 -0400
> X-Apparently-To: spammenow@rogers.com via 206.190.37.189; Tue, 07 Sep 2004
> 21:39:35 -0700
> X-Originating-IP: [64.233.170.205]
> Received: from pop1.rog.mail.vip.re2.yahoo.com [206.190.36.250]
> by localhost with POP3 (fetchmail-6.2.0)
> for spammenow@localhost (single-drop); Wed, 08 Sep 2004 01:02:11 -0400 (EDT)
> Received: from 64.233.170.205 (EHLO mproxy.gmail.com) (64.233.170.205)
> by mta102.rog.mail.re2.yahoo.com with SMTP; Tue, 07 Sep 2004 21:39:35 -0700
> Received: by mproxy.gmail.com with SMTP id 73so377381rnl
> for ; Tue, 07 Sep 2004 21:39:32 -0700 (PDT)
> Received: by 10.38.59.62 with SMTP id h62mr150355rna;
> Tue, 07 Sep 2004 21:39:32 -0700 (PDT)
> Received: by 10.38.181.34 with HTTP; Tue, 7 Sep 2004 21:39:32 -0700 (PDT)
> Message-ID:
> Date: Wed, 8 Sep 2004 00:39:32 -0400
> From: Digii
> Reply-To: Digii
> To: spammenow@rogers.com
> Subject: {Spam?} hey buz
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> X-yoursite-MailScanner-Information: Please contact the ISP for more information
> X-yoursite-MailScanner: Found to be clean
> X-yoursite-MailScanner-SpamCheck: spam (blacklisted)
> X-MailScanner-From: digii@gmail.com
> Status:
>
> me tonight
>
> --
> This message has been scanned for viruses and
> dangerous content by
MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> -----------------------------------------------------------
>
> From my maillog file:
>
> ************
>
> Sep 8 01:01:52 gateway fetchmail[3977]: 2 messages for spammenow@rogers.com
> at pop1.rog.mail.vip.re2.yahoo.com (1929 octets).
> Sep 8 01:01:52 gateway fetchmail[3977]: reading message
> spammenow@rogers.com@pop1.rog.mail.vip.re2.yahoo.com:1 of 2 (965 octets)
> Sep 8 01:02:11 gateway sendmail[9094]: i8851vvb009094:
> from=, size=1094, class=0, nrcpts=1,
> msgid= 684c@mail.gmail.com>, bodytype=7BIT, proto=ESMTP, daemon=MTA,
> relay=localhost.localdomain [127.0.0.1]
> Sep 8 01:02:12 gateway fetchmail[3977]: flushed
> Sep 8 01:02:13 gateway fetchmail[3977]: reading message
> spammenow@rogers.com@pop1.rog.mail.vip.re2.yahoo.com:2 of 2 (964 octets)
> Sep 8 01:02:13 gateway sendmail[9094]: i8851vvc009094:
> from=, size=1093, class=0, nrcpts=1,
> msgid= 017c@mail.gmail.com>, bodytype=7BIT, proto=ESMTP, daemon=MTA,
> relay=localhost.localdomain [127.0.0.1]
> Sep 8 01:02:14 gateway fetchmail[3977]: flushed
>
>
> Sep 8 01:11:14 gateway MailScanner[9807]: Spam Checks: Starting
> Sep 8 01:11:37 gateway MailScanner[9807]: Message i8851vvc009094 from
> 127.0.0.1 (digii@gmail.com) to localhost is spam (blacklisted)
> Sep 8 01:11:40 gateway MailScanner[9807]: Message i8851vvb009094 from
> 127.0.0.1 (digii@gmail.com) to localhost is spam (blacklisted)
> Sep 8 01:11:41 gateway MailScanner[9807]: Spam Checks: Found 2 spam messages
> Sep 8 01:11:43 gateway MailScanner[9807]: Spam Actions: message
> i8851vvc009094 actions are deliver
> Sep 8 01:11:45 gateway MailScanner[9807]: Spam Actions: message
> i8851vvb009094 actions are deliver
> Sep 8 01:11:51 gateway MailScanner[9807]: Spam Checks completed at 87 bytes
> per second
>

From faraz.khan at inboxbiz.com Wed Sep 8 15:31:33 2004
From: faraz.khan at inboxbiz.com (Faraz Khan)
Date: Thu Jan 12 21:26:49 2006
Subject: PDF problems with 4.33.3-1
Message-ID:

I read the lists regarding PDF issues that were happening in May 2004. I am using 4.33.3-1 with ClamAV and PDF problems are STILL happening. Corruption of pdf files happens if I enable virus scanning through ClamAV and enable signing of messages.

Trying it out without the signing.. let's see if that works.

--
Faraz Khan
Business Development Manager
Enterprise Solutions
Inbox Business Technologies (Pvt.) Ltd.
111-551-551
faraz.khan@inboxbiz.com
From torontodss at HOTMAIL.COM Wed Sep 8 15:33:20 2004
From: torontodss at HOTMAIL.COM (Steve Cole)
Date: Thu Jan 12 21:26:50 2006
Subject: All mail is Spam
Message-ID:

I have lost connection (of course) to my machine at home, so until it comes back up, I can't post the .conf file details.

From mbullock at TROIKANETWORKS.COM Wed Sep 8 15:49:12 2004
From: mbullock at TROIKANETWORKS.COM (Matt Bullock)
Date: Thu Jan 12 21:26:50 2006
Subject: Forwarded mail lets spam through
Message-ID:

Thanks for the replies, Karanbir and Ugo.

I am running SA with RBL's, URI's etc. and these others:

99_FVGT_Tripwire.cf bigevil.cf bogus-virus-warnings.cf
random.current.cf spamcop_uri.cf
antidrug.cf bigevil.cf.20040902-0008 evilnumbers.cf


Regards,

Matt Bullock
Troika Networks, Inc.
Network Administrator
805.367.2728

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: Wednesday, September 08, 2004 6:51 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Forwarded mail lets spam through

Matt Bullock wrote:

> I have an email address that is forwarded from another server to an
> email account that I host, and mail coming from this particular server
> never triggers the spam filter. Is there a way to have mailscanner
> drop a known server from the headers to allow the spam filter to work
> more accurately?

What do you use for spam filtering? That won't work if you only use DNSBL. Spamassassin should look at all the headers.

>
> Regards,
>
> Matt Bullock
> Network Administrator
> Troika Networks, Inc.
> 805.367.2728
>
>

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 8 16:01:06 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:50 2006
Subject: Forwarded mail lets spam through
Message-ID:

Matt

don't use bigevil.cf, it's absolutely huge (go on look at the size:-)

do use the surbl.org and spamcop_uri plugin which uses the same data..which you say you are using, so take out the bigevil rules..it's duplicating work.

I'd also look at drip feeding in the SARE rules from www.rulesemporium.com, one at a time and see how that helps.

as for your original question, have you looked at creating a ruleset for

Spam Checks = %rules-dir%/spam.rules

which in my case doesn't scan email that comes from my LAN.

you should be able to pop in a rule that doesn't scan from this particular host.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Bullock wrote:
> Thanks for the replies, Karanbir and Ugo.
>
> I am running SA with RBL's, URI's etc.
and these others:
>
> 99_FVGT_Tripwire.cf bigevil.cf bogus-virus-warnings.cf
> random.current.cf spamcop_uri.cf
> antidrug.cf bigevil.cf.20040902-0008 evilnumbers.cf
>
>
> Regards,
>
> Matt Bullock
> Troika Networks, Inc.
> Network Administrator
> 805.367.2728
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Wednesday, September 08, 2004 6:51 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Forwarded mail lets spam through
>
> Matt Bullock wrote:
>
>
>>I have an email address that is forwarded from another server to an
>>email account that I host, and mail coming from this particular server
>
>
>>never triggers the spam filter. Is there a way to have mailscanner
>>drop a known server from the headers to allow the spam filter to work
>>more accurately?
>
>
> What do you use for spam filtering? That won't work if you only use
> DNSBL. Spamassassin should look at all the headers.
>
>
>>Regards,
>>
>>Matt Bullock
>>Network Administrator
>>Troika Networks, Inc.
>>805.367.2728
>>
From mailscanner at ecs.soton.ac.uk Wed Sep 8 16:08:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: PDF problems with 4.33.3-1
Message-ID:

Some work on that is going on right now, and I hope to have news and a beta available within the next week.

In the mean time, if you don't sign the messages, they should be copied directly from the input message with no re-encoding happening at all.

At 15:31 08/09/2004, you wrote:
>I read the lists regarding PDF issues that were happening in May 2004. I am
>using 4.33.3-1 with ClamAV and PDF problems are STILL happening. Corruption of
>pdf files happens if I enable virus scanning through ClamAV and enable
>signing of messages.
>
>Trying it out without the signing.. let's see if that works.
>
>--
>Faraz Khan
>Business Development Manager
>Enterprise Solutions
>Inbox Business Technologies (Pvt.) Ltd.
>111-551-551
>faraz.khan@inboxbiz.com
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From faraz.khan at inboxbiz.com Wed Sep 8 16:25:16 2004
From: faraz.khan at inboxbiz.com (Faraz Khan)
Date: Thu Jan 12 21:26:50 2006
Subject: PDF problems with 4.33.3-1
Message-ID:

Thanks a lot for the quick reply. I'm not signing the messages currently.
Mailscanner is great though- Freaking Outlook!!! I swear if everybody just used Kmail life would be soooooo simple :) What's with quoted-printable anyways!! why why does outlook need to do that?

On Wed 8/09/'04 8:08 pm, Julian Field wrote:
> Some work on that is going on right now, and I hope to have news and a beta
> available within the next week.
>
> In the mean time, if you don't sign the messages, they should be copied
> directly from the input message with no re-encoding happening at all.
>
> At 15:31 08/09/2004, you wrote:
> >I read the lists regarding PDF issues that were happening in May 2004. I
> > am using 4.33.3-1 with ClamAV and PDF problems are STILL happening.
> > Corruption of pdf files happens if I enable virus scanning through ClamAV
> > and enable signing of messages.
> >
> >Trying it out without the signing.. let's see if that works.
> >
> >--
> >Faraz Khan
> >Business Development Manager
> >Enterprise Solutions
> >Inbox Business Technologies (Pvt.) Ltd.
> >111-551-551
> >faraz.khan@inboxbiz.com
> >

--
Faraz Khan
Business Development Manager
Enterprise Solutions
Inbox Business Technologies (Pvt.) Ltd.
111-551-551
faraz.khan@inboxbiz.com
From mbullock at TROIKANETWORKS.COM Wed Sep 8 16:59:20 2004
From: mbullock at TROIKANETWORKS.COM (Matt Bullock)
Date: Thu Jan 12 21:26:50 2006
Subject: Forwarded mail lets spam through
Message-ID:

Thanks, I have been advised before to take bigevil out, so I guess I should try that route now.

Right now SA is catching about 98% of the spam received, it just doesn't tag anything that is forwarded from one particular server.


Regards,

Matt Bullock
Troika Networks, Inc.
Network Administrator
805.367.2728

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Wednesday, September 08, 2004 8:01 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Forwarded mail lets spam through

Matt

don't use bigevil.cf, it's absolutely huge (go on look at the size:-)

do use the surbl.org and spamcop_uri plugin which uses the same data..which you say you are using, so take out the bigevil rules..it's duplicating work.

I'd also look at drip feeding in the SARE rules from www.rulesemporium.com, one at a time and see how that helps.

as for your original question, have you looked at creating a ruleset for

Spam Checks = %rules-dir%/spam.rules

which in my case doesn't scan email that comes from my LAN.

you should be able to pop in a rule that doesn't scan from this particular host.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Bullock wrote:
> Thanks for the replies, Karanbir and Ugo.
>
> I am running SA with RBL's, URI's etc. and these others:
>
> 99_FVGT_Tripwire.cf bigevil.cf bogus-virus-warnings.cf
> random.current.cf spamcop_uri.cf
> antidrug.cf bigevil.cf.20040902-0008 evilnumbers.cf
>
>
> Regards,
>
> Matt Bullock
> Troika Networks, Inc.
> Network Administrator
> 805.367.2728
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Ugo Bellavance
> Sent: Wednesday, September 08, 2004 6:51 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Forwarded mail lets spam through
>
> Matt Bullock wrote:
>
>
>>I have an email address that is forwarded from another server to an
>>email account that I host, and mail coming from this particular server
>
>
>>never triggers the spam filter. Is there a way to have mailscanner
>>drop a known server from the headers to allow the spam filter to work
>>more accurately?
>
>
> What do you use for spam filtering? That won't work if you only use
> DNSBL. Spamassassin should look at all the headers.
>
>
>>Regards,
>>
>>Matt Bullock
>>Network Administrator
>>Troika Networks, Inc.
>>805.367.2728
>>
From martinh at SOLID-STATE-LOGIC.COM Wed Sep 8 17:13:03 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:50 2006 Subject: Forwarded mail lets spam through Message-ID: Matt oh sorry mis-read it. there's how to add a domain to the ws.surbl.org list (via Bill Stearns sa-blacklist.cf)... http://www.stearns.org/sa-blacklist/README.submissions.html -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt Bullock wrote: > Thanks, I have been advised before to take bigevil out, so I guess I > should try that route now. > > Right now SA is catching about 98% of the spam received, it just doesn't > tag anything that is forwarded from one particular server. > > > Regards, > > Matt Bullock > Troika Networks, Inc. > Network Administrator > 805.367.2728 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Wednesday, September 08, 2004 8:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Forwarded mail lets spam through > > Matt > > don't use bigevil.cf, its absolutely huge (go on look at the size:-) > > do use the surbl.org an spamcop_uri plugin which uses the same > data..which you say you are using, so take out he bigevil rules..it's > duplicating work. > > I'd also look at drip feeding in the SARE rules from > www.rulesemporium.com, one at time and see how that helps. > > > as your original question have you looked at creating a ruleset for > > Spam Checks = %rules-dir%/spam.rules > > > > which in my case doesn't scan email the come from my LAN. > > > you should be able to pop in a rule that doesn't scan from this > particular host. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Matt Bullock wrote: > >>Thanks for the replies, Karanbir and Ugo. >> >>I am running SA with RBL's, URI's etc. 
and these others: >> >>99_FVGT_Tripwire.cf bigevil.cf bogus-virus-warnings.cf >>random.current.cf spamcop_uri.cf >>antidrug.cf bigevil.cf.20040902-0008 evilnumbers.cf >> >> >>Regards, >> >>Matt Bullock >>Troika Networks, Inc. >>Network Administrator >>805.367.2728 >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Ugo Bellavance >>Sent: Wednesday, September 08, 2004 6:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Forwarded mail lets spam through >> >>Matt Bullock wrote: >> >> >> >>>I have an email address that is forwarded from another server to an >>>email account that I host, and mail coming from this particular server >> >> >>>never triggers the spam filter. Is there a way to have mailscanner >>>drop a known server from the headers to allow the spam filter to work >>>more accurately? >> >> >>What do you use for spam filtering? That won't work if you only use >>DNSBL. Spamassassin should look at all the headers. >> >> >> >>>Regards, >>> >>>Matt Bullock >>>Network Administrator >>>Troika Networks, Inc. >>>805.367.2728 >>> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you have received this email in error please notify the > system manager. > > This footnote confirms that this email message has been swept for the > presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Steve.Swaney at FSL.COM Wed Sep 8 17:16:42 2004 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:26:50 2006 Subject: Forwarded mail lets spam through Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Bullock > Sent: Wednesday, September 08, 2004 11:59 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Forwarded mail lets spam through > Snip > > Right now SA is catching about 98% of the spam received, it just doesn't > > tag anything that is forwarded from one particular server. > Snip Only possible explanation I can think of is that this Server is some how white listed. What rule sets have you modified? Steve Swaney President Fortress Systems Ltd. 
www.fsl.com steve.swaney@fsl.com

From mark at TIPPINGMAR.COM Wed Sep 8 18:11:43 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:50 2006
Subject: MajorSophos
Message-ID:

On 8 Sep 2004 at 2:39, John Rudd wrote:

> On Sep 8, 2004, at 1:59 AM, Spicer, Kevin wrote:
>
> >> MajorSophos uses mktemp for the TMPDIR initialization, but mktemp
> >> isn't
> >> very portable (at least not to Solaris 8). Here's what I did:
> >> around line 99-101, I changed:
> >> TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`
> >> to:
> >> TMPDIR="/tmp/$BASE.$$"
> >> mkdir -m 700 $TMPDIR
> >> ($$ is "unique enough", considering the directory is short-lived, and
> >> process numbers are unique)
> >
> > Process numbers may be unique but they are predictable, therefore
> > should
> > not be used for creating temporary files and directories.
> >
>
> Can you please explain the logic there?

In theory, if someone with write access to the /tmp directory can predict that root will run a program in /tmp or even write to a file in /tmp, then he or she could substitute a malicious program or a symlink to a real system utility or whatnot. It sounds hard, but I guess it happens.

mktemp solves the problem, so I used it in MajorSophos. I didn't know that it isn't very portable. I'll add a check for the existence of mktemp and fall back to a different method if it isn't there. Look for a revised version in a few days.

--
Mark W.
Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
510 549-1906 ext 236
http://www.tippingmar.com

From Kevin_Miller at CI.JUNEAU.AK.US Wed Sep 8 19:01:19 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:50 2006
Subject: Block ZIP file when I configure not blocking.
Message-ID:

Idan Plotnik wrote:

> How do I disable these messages to the recipient ? And transfer them
> to
> a specific mailbox ?
>

Hi Idan,

In MailScanner.conf, look at the "Notifications back to the blocked sender" section for the parameters to turn off sender notification.

To send the notices to a specific mailbox, in the "Notices to System Administrators" section do:

Send notices = yes
Notices To = whomever@yourdomain.com

Hope this helps...

...Kevin

--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From mailscanner at bithose.com Wed Sep 8 19:13:43 2004
From: mailscanner at bithose.com (Jameel Akari)
Date: Thu Jan 12 21:26:50 2006
Subject: Matching on Subject: line
Message-ID:

I'm getting a request from my management to be able to reject outbound mail sent through MailScanner matching a certain string in the Subject: field.
Ideally they'd like to bounce the message with a notice ( like "You aren't allowed to send that outside the company").

I'm not sure exactly where to start - could add it as a SpamAssassin rule and have the message treated as _outbound_ spam (bad) or somehow get the Mailscanner AV/content scanner to do the work as though the message was infected with something.

Any hints?

--
#!/jameel/akari
sleep 4800;
make clean && make breakfast

From massctrl at SKYNET.BE Wed Sep 8 19:28:35 2004
From: massctrl at SKYNET.BE (No Name)
Date: Thu Jan 12 21:26:50 2006
Subject: Debugging info Mailscanner/spamassassin
Message-ID:

spamassassin -D --lint -p whatever

gives me the information i need, but this is under the context of the user (root) which invokes this command.

Is there a way to get the SAME output(somewhere written in a log) when mailscanner invokes spamassassin? (this is done with postfix user privileges?).

Thanks in advance

From mailscanner at ecs.soton.ac.uk Wed Sep 8 19:39:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: Matching on Subject: line
Message-ID:

That's what MCP is designed to do. Read www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ and it should tell you a bit of what to do.

MCP is a special copy of SpamAssassin designed specifically for keyword spotting and the like.
You can easily configure the MCP Actions to block the message. At 19:13 08/09/2004, you wrote: >I'm getting a request from my management to be able to reject outbound >mail sent through MailScanner matching a certain string the in the >Subject: field. Ideally they'd like to bounce the message with a notice >( like "You aren't allowed to send that outside the company"). > >I'm not sure exactly where to start - could add it as a SpamAssassin rule >and have the message treated as _outbound_ spam (bad) or somehow get the >Mailscanner AV/content scanner to do the work as though the message was >infected with something. > >Any hints? > > >-- >#!/jameel/akari >sleep 4800; >make clean && make breakfast > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mynamewasgone at gmail.com Wed Sep 8 19:47:20 2004 From: mynamewasgone at gmail.com (Richard Brown) Date: Thu Jan 12 21:26:50 2006 Subject: Debugging info Mailscanner/spamassassin Message-ID: On Wed, 8 Sep 2004 19:28:35 +0100, No Name wrote: > spamassassin -D --lint -p whatever > > gives me the information i need, but this is under the context of the user > (root) which invokes this command. 
>
> Is there a way to get the SAME output(somewhere written in a log) when
> mailscanner invokes spamassassin? (this is done with postfix user
> privileges?).

su postfix -c 'spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf'

From ugob at CAMO-ROUTE.COM Wed Sep 8 20:25:30 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:50 2006
Subject: Matching on Subject: line
Message-ID:

Jameel Akari wrote:

> I'm getting a request from my management to be able to reject outbound
> mail sent through MailScanner matching a certain string in the
> Subject: field. Ideally they'd like to bounce the message with a notice
> ( like "You aren't allowed to send that outside the company").
>
> I'm not sure exactly where to start - could add it as a SpamAssassin rule
> and have the message treated as _outbound_ spam (bad) or somehow get the
> Mailscanner AV/content scanner to do the work as though the message was
> infected with something.

You can use MCP to do that, or a special rule in spamassassin.

Mcp: http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/
SA: http://wiki.apache.org/spamassassin/WritingRules

>
> Any hints?
>
>
> --
> #!/jameel/akari
> sleep 4800;
> make clean && make breakfast
>
> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Wed Sep 8 20:26:28 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: On Wed, Sep 08, 2004 at 07:39:59PM +0100, Julian Field wrote: > That's what MCP is designed to do. Read > www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ > and it should tell you a bit of what to do. > > MCP is a special copy of SpamAssassin designed specifically for keyword > spotting and the like. You can easily configure the MCP Actions to block > the message. Could MCP be used in reverse? I'm thinking of using it to rank mailing list messages (not just this list) and sort them into high, mid and low relevance/priority mboxes. It seems like this should be doable using MCP to tag and procmail to filter based on the scores in those tags. Would it matter much if it was used to give high scores to highly relevant messages instead of sticking with the usual spamassassin paradigm of high scoring being least desirable? -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 8 20:38:55 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: Why would you want to do that? I guess it would be easier to create a sort rule in your MUA or create different mailboxes and subscribe to each mailinglist with a different e-mail address. 
I use several mailboxes, especially high volume lists are extremely annoying to have between your regular mail. On Wed, 8 Sep 2004, Eric Dantan Rzewnicki wrote: > On Wed, Sep 08, 2004 at 07:39:59PM +0100, Julian Field wrote: >> That's what MCP is designed to do. Read >> www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ >> and it should tell you a bit of what to do. >> >> MCP is a special copy of SpamAssassin designed specifically for keyword >> spotting and the like. You can easily configure the MCP Actions to block >> the message. > > Could MCP be used in reverse? I'm thinking of using it to rank mailing > list messages (not just this list) and sort them into high, mid and low > relevance/priority mboxes. It seems like this should be doable using MCP > to tag and procmail to filter based on the scores in those tags. Would > it matter much if it was used to give high scores to highly relevant > messages instead of sticking with the usual spamassassin paradigm of > high scoring being least desirable? > > -Eric Rz. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 8 20:42:19 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: At 20:26 08/09/2004, you wrote: >Could MCP be used in reverse? 
I'm thinking of using it to rank mailing
>list messages (not just this list) and sort them into high, mid and low
>relevance/priority mboxes. It seems like this should be doable using MCP
>to tag and procmail to filter based on the scores in those tags. Would
>it matter much if it was used to give high scores to highly relevant
>messages instead of sticking with the usual spamassassin paradigm of
>high scoring being least desirable?

Shouldn't be any problem at all. Good idea, hadn't ever thought of that.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at bithose.com Wed Sep 8 20:55:15 2004
From: mailscanner at bithose.com (Jameel Akari)
Date: Thu Jan 12 21:26:50 2006
Subject: Matching on Subject: line
Message-ID:

I'll experiment a bit with MCP then. Never had occasion to use it so I forgot that it existed. ;)

Thanks to those who replied.

--
#!/jameel/akari
sleep 4800;
make clean && make breakfast
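Added example, not part of any message in this archive and not MajorSophos code: one way to do the mktemp fallback from the MajorSophos thread above on a system without mktemp(1), so that a predictable or pre-created name in /tmp is refused rather than used. The function names and the WORKDIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not MajorSophos code): create a private working directory,
# using mktemp(1) where it exists and an exclusive mkdir where it does not.
# All function names here are hypothetical.

# Create exactly the directory "$1" with mode 700, or fail.
# mkdir(2) returns EEXIST when the name already exists as a file, a
# directory or a symlink (dangling or not), so a name planted in advance
# by another local user is refused instead of silently reused.
mkdir_exclusive() {
    ( umask 077 && mkdir -m 700 "$1" ) 2>/dev/null
}

# Suffix for the directory name; "$1" is the attempt counter.
# /dev/urandom is preferred. The pid+timestamp fallback is guessable and
# is safe only because every candidate still goes through mkdir_exclusive.
random_suffix() {
    if [ -r /dev/urandom ]; then
        od -An -N8 -tx1 /dev/urandom | tr -dc '0-9a-f'
    else
        printf '%s.%s.%s' "$$" "$(date +%Y%m%d%H%M%S)" "$1"
    fi
}

# Fallback for systems without mktemp: try a few names and stop at the
# first one that mkdir_exclusive manages to create.
# Arguments: base name, parent directory. Prints the new path.
fallback_tmpdir() {
    fb_base=$1
    fb_root=$2
    fb_tries=0
    while [ "$fb_tries" -lt 10 ]; do
        fb_dir="$fb_root/$fb_base.$(random_suffix "$fb_tries")"
        if mkdir_exclusive "$fb_dir"; then
            printf '%s\n' "$fb_dir"
            return 0
        fi
        fb_tries=$((fb_tries + 1))
    done
    return 1
}

# Print the path of a new mode-700 directory under ${TMPDIR:-/tmp}.
make_private_tmpdir() {
    mp_root=${TMPDIR:-/tmp}
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$mp_root/$1.XXXXXX"
    else
        fallback_tmpdir "$1" "$mp_root"
    fi
}

# Usage: the exit status is the check that matters. A script that runs
# mkdir and ignores a failure carries on inside a directory that someone
# else created.
#   WORKDIR=$(make_private_tmpdir "$BASE") || exit 1
#   trap 'rm -rf "$WORKDIR"' EXIT
```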
From wright at CYBERVALE.COM Wed Sep 8 21:14:19 2004 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: what's the difference between: install.rpm-fns.sh and INSTALL-rpm.sh install.tar-fns.sh and INSTALL-tar.sh ----- Original Message ----- From: "Julian Field" To: Sent: Monday, September 06, 2004 11:57 AM Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3 > At 16:44 06/09/2004, you wrote: > >Is this to be used as an update tool as well or specifically for new > >installs? > > Mostly just for new installs, but there's no reason it wouldn't work as an > updater. > > I just wrote it because Mail::ClamAV, and particularly SpamAssassin 3, have > a huge list of dependencies. This makes them a real pain to install by > hand, especially when CPAN decides it's going to update your entire Perl > installation half way through. > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > >Of Julian Field > >Sent: Monday, September 06, 2004 11:20 AM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: RPM-based install package for ClamAV and SpamAssassin 3 > > > >At 15:58 06/09/2004, you wrote: > > >Just want to make sure will this work to upgrade a system already > > >running MailScanner, ClamAV and Spamassassin 2.6x ? > > > >That's the idea, yes. If you already have ClamAV installed, then use > > ./INSTALL-rpm.sh --noclam > >and it will skip that bit. It will still install the Mail::ClamAV perl > >module for use by the "clamavmodule" scanner setting in MailScanner.conf. 
> > > > >---------- Original Message ----------- > > >From: Julian Field > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Sent: Mon, 6 Sep 2004 15:31:04 +0100 > > >Subject: RPM-based install package for ClamAV and SpamAssassin 3 > > > > > > > I have just published a package that will install ClamAV (if you > > > > want it to), SpamAssassin 3 and all their dependencies, so that you > > > > can use the "clamavmodule" scanner and the latest release candidate > > > > of SpamAssassin 3. > > > > > > > > This package contains all of the non-RPM package I published a few > > > > days ago, together with an equivalent setup for RPM-based systems. > > > > > > > > Should help you get going nice and quickly. > > > > > > > > It's at > > > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.t > > > > ar.gz which is mentioned in the "Other stuff" bit of the downloads > > > > page on www.mailscanner.info. > > > > > > > > Let me know if you have any problems with it. > > > > I have tried it on RedHat, SuSE and Solaris systems. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From rzewnickie at RFA.ORG Wed Sep 8 21:24:59 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:50 2006
Subject: reverse MCP
Message-ID:

On Wed, Sep 08, 2004 at 09:38:55PM +0200, Remco Barendse wrote:

> Why would you want to do that?
>
> I guess it would be easier to create a sort rule in your MUA or create
> different mailboxes and subscribe to each mailinglist with a different
> e-mail address. I use several mailboxes, especially high volume lists are
> extremely annoying to have between your regular mail.

Oh, of course that would be very annoying. I already use procmail to filter each list to its own box, usually based on the List-id: header or equivalent.

My interest is in weeding out everything that isn't relevant to me. For instance, and purely for example, if I were subscribed to an extremely high volume list like the linux kernel mailing list I could set up MCP rules and scores for various keywords or phrases of interest to me: specific drivers, filesystems, netfilter changes, etc. Messages with lots of keywords or phrases pertinent to me would score high and messages lacking pertinence would score low. Then I could define ranges of scores in procmailrc to get prioritized mboxes.

Julian, does the MCP SA include bayes support? If so it could be trained to recognize the probability of pertinence. :)

-Eric Rz.

PS sorry for hi-jacking the thread ... I meant to delete the In-Reply-To header. :-\ I'll leave it now, though, since there are already further replies.
From mailscanner at ecs.soton.ac.uk Wed Sep 8 21:44:50 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: At 21:24 08/09/2004, you wrote: >On Wed, Sep 08, 2004 at 09:38:55PM +0200, Remco Barendse wrote: > > Why would you want to do that? > > > > I guess it would be easier to create a sort rule in your MUA or create > > different mailboxes and subscribe to each mailinglist with a different > > e-mail address. I use several mailboxes, especially high volume lists are > > extremely annoying to have between your regular mail. > >Oh, of course that would be very annoying. I already use procmail to >filter each list to it's own box, usually based on the List-id: header >or equivalent. > >My interest is in weeding out everything that isn't relevant to me. For >instance, and purely for example, if I were subscribed to an extremely >high volume list like the linux kernel mailing list I could settup MCP >rules and scores for various keywords or phrases of interest to me: >specific drivers, filesystems, netfilter changes, etc. Messages with >lots of keywords or phrases pertinent to me would score high and >messages lacking pertinence would score low. Then I could define ranges >of scores in procmailrc to get prioritized mboxes. > >Julian, does the MCP SA include bayes support? If so it could be trained >to recognized the probability of pertinence. :) No, fraid not. But I think if you configured it correctly, you should be able to force it to put the bayes db files in a different directory, at which point you would be able to do it. Just never tried it myself... 
-- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Wed Sep 8 21:51:31 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: On Wed, Sep 08, 2004 at 09:44:50PM +0100, Julian Field wrote: > At 21:24 08/09/2004, you wrote: > >On Wed, Sep 08, 2004 at 09:38:55PM +0200, Remco Barendse wrote: > >> Why would you want to do that? > >> I guess it would be easier to create a sort rule in your MUA or create > >> different mailboxes and subscribe to each mailinglist with a different > >> e-mail address. I use several mailboxes, especially high volume lists are > >> extremely annoying to have between your regular mail. > >Oh, of course that would be very annoying. I already use procmail to > >filter each list to it's own box, usually based on the List-id: header > >or equivalent. > >My interest is in weeding out everything that isn't relevant to me. For > >instance, and purely for example, if I were subscribed to an extremely > >high volume list like the linux kernel mailing list I could settup MCP > >rules and scores for various keywords or phrases of interest to me: > >specific drivers, filesystems, netfilter changes, etc. Messages with > >lots of keywords or phrases pertinent to me would score high and > >messages lacking pertinence would score low. Then I could define ranges > >of scores in procmailrc to get prioritized mboxes. > >Julian, does the MCP SA include bayes support? 
If so it could be trained > >to recognized the probability of pertinence. :) > No, fraid not. But I think if you configured it correctly, you should be > able to force it to put the bayes db files in a different directory, at > which point you would be able to do it. > Just never tried it myself... Ok, thanks. This is just food-for-thought. I'll try it out on my home system once I get it running, hopefully within the next month. -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 8 21:55:11 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: reverse MCP Message-ID: On Wed, 8 Sep 2004, Julian Field wrote: > At 21:24 08/09/2004, you wrote: >> On Wed, Sep 08, 2004 at 09:38:55PM +0200, Remco Barendse wrote: >>> Why would you want to do that? >>> >>> I guess it would be easier to create a sort rule in your MUA or create >>> different mailboxes and subscribe to each mailinglist with a different >>> e-mail address. I use several mailboxes, especially high volume lists are >>> extremely annoying to have between your regular mail. >> >> Oh, of course that would be very annoying. I already use procmail to >> filter each list to it's own box, usually based on the List-id: header >> or equivalent. >> >> My interest is in weeding out everything that isn't relevant to me. For >> instance, and purely for example, if I were subscribed to an extremely >> high volume list like the linux kernel mailing list I could settup MCP >> rules and scores for various keywords or phrases of interest to me: >> specific drivers, filesystems, netfilter changes, etc. 
Messages with
>> lots of keywords or phrases pertinent to me would score high and
>> messages lacking pertinence would score low. Then I could define ranges
>> of scores in procmailrc to get prioritized mboxes.
>>
>> Julian, does the MCP SA include bayes support? If so it could be trained
>> to recognize the probability of pertinence. :)
>
> No, fraid not. But I think if you configured it correctly, you should be
> able to force it to put the bayes db files in a different directory, at
> which point you would be able to do it.
> Just never tried it myself...

Would bayes be the suitable tool for that? If you are interested in kernel+scsi stuff this month but next month you decide that sata stuff is more interesting you end up with mails about scsi stuff still scoring high.

I very much like the idea of this but guess that statically assigned rules will be better? Unless your favourite topics never change of course. :)

From rzewnickie at RFA.ORG Wed Sep 8 22:04:44 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:50 2006
Subject: reverse MCP
Message-ID:

On Wed, Sep 08, 2004 at 10:55:11PM +0200, Remco Barendse wrote:

> On Wed, 8 Sep 2004, Julian Field wrote:
> >At 21:24 08/09/2004, you wrote:
> >>On Wed, Sep 08, 2004 at 09:38:55PM +0200, Remco Barendse wrote:
> >>>Why would you want to do that?
>
> Would bayes be the suitable tool for that? If you are interested in
> kernel+scsi stuff this month but next month you decide that sata stuff is
> more interesting you end up with mails about scsi stuff still scoring high.

That's true, I guess. Hadn't considered that. Good point.
> I very much like the idea of this but guess that statically assigned rules > will be better? Unless your favourite topics never change ofcourse. :) Well, I guess over time with training, you would sort of be punished for your changing interests by a lag in bayes response. :) probably static rules would be best, as you suggest. -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 8 22:35:50 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: At 21:14 08/09/2004, you wrote: >what's the difference between: > >install.rpm-fns.sh and INSTALL-rpm.sh INSTALL-rpm.sh is designed for RPM-based installations and consists solely of RPM packages. >install.tar-fns.sh and INSTALL-tar.sh INSTALL-tar.sh is designed for non-RPM systems and builds everything from source, not using RPMs at all. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From rzewnickie at RFA.ORG Wed Sep 8 22:42:31 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: On Wed, Sep 08, 2004 at 10:35:50PM +0100, Julian Field wrote: > At 21:14 08/09/2004, you wrote: > >what's the difference between: > >install.rpm-fns.sh and INSTALL-rpm.sh > INSTALL-rpm.sh is designed for RPM-based installations and consists solely > of RPM packages. > >install.tar-fns.sh and INSTALL-tar.sh > INSTALL-tar.sh is designed for non-RPM systems and builds everything from > source, not using RPMs at all. but, I think the OP was asking what's the difference between the -fns versions and the others. -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 8 22:43:11 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: On Wed, 8 Sep 2004, Julian Field wrote: > At 21:14 08/09/2004, you wrote: >> what's the difference between: >> >> install.rpm-fns.sh and INSTALL-rpm.sh > > INSTALL-rpm.sh is designed for RPM-based installations and consists solely > of RPM packages. > >> install.tar-fns.sh and INSTALL-tar.sh > > INSTALL-tar.sh is designed for non-RPM systems and builds everything from > source, not using RPMs at all. Is there any way of verifying that the packages from tarball did / did not install correctly and to see which version nrs. are installed? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From m.althoff at BROMBERG.XS4ALL.NL Wed Sep 8 22:47:00 2004 From: m.althoff at BROMBERG.XS4ALL.NL (Matthijs Althoff) Date: Thu Jan 12 21:26:50 2006 Subject: install postfix Message-ID: On Sun, 5 Sep 2004 18:48:35 +0100, Julian Field wrote: First of all thank you for having a look at my configuration. Nothing seems strange that makes it even complexer. >chkconfig sendmail off >service sendmail stop >chkconfig MailScanner on >service MailScanner start >haven't you? I just want to ensure that your original sendmail processes >aren't also running the queues... This is something I start after I install a new mailscanner version.I have done a clean postfix installation without mailscanner and even then this happends from time to time. So I returned to sendmail with mailscanner. Strange is if I use the webmail client from my provider and write a message to a email address which is handled by bsmtp. I can see it going wrong, instead of seeing the message being send the message gets stuck in the inbox from the providers webmail client and while taking a look at /var/spool/user I see the double mesage. After doing a service mailscanner restart the problems is sometimes) solved for a little while. I'm not 100% sure yet but if I send a message right after doing a service mailscanner restart it may double up I will have to take a closer look into this. Strange enough neather of the users who receive there email from a pop3 server by fetchmail seem to have this problem. The same goes for a message send from my workstation handled by my mta and returned, neather seems to double up. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 8 22:50:03 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: On Wed, 2004-09-08 at 23:43 +0200, Remco Barendse wrote: > Is there any way of verifying that the packages from tarball did / did not > install correctly and to see which version nrs. are installed? MailScanner -v -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 8 23:05:18 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: On Wed, 8 Sep 2004, Michele Neylon : Blacknight Solutions wrote: > On Wed, 2004-09-08 at 23:43 +0200, Remco Barendse wrote: >> Is there any way of verifying that the packages from tarball did / did not >> install correctly and to see which version nrs. are installed? > > MailScanner -v Thanks! Still useful but not what I needed. I am trying to solve all the dependencies for SpamAss 3 and having major trouble with it. How can I check which versions of the perl modules in the install-Clam-SA.tar.gz are installed? The perl modules from this archive do not show up when doing MailScanner -v Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mbullock at TROIKANETWORKS.COM Wed Sep 8 23:53:20 2004 From: mbullock at TROIKANETWORKS.COM (Matt Bullock) Date: Thu Jan 12 21:26:50 2006 Subject: Forwarded mail lets spam through Message-ID: The server isnt whitelisted, and the spam coming through are usually tagged with a couple points, but not enough to trigger anything. I just forwarded one of the emails through the server and it was marked as spam. Regards, Matt Bullock Troika Networks, Inc. Network Administrator 805.367.2728 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Swaney Sent: Wednesday, September 08, 2004 9:17 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarded mail lets spam through > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Bullock > Sent: Wednesday, September 08, 2004 11:59 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Forwarded mail lets spam through > Snip > > Right now SA is catching about 98% of the spam received, it just > doesn't > > tag anything that is forwarded from one particular server. > Snip Only possible explanation I can think of is that this Server is some how white listed. What rule sets have you modified? Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From james_gray at OCS.COM Thu Sep 9 06:50:58 2004
From: james_gray at OCS.COM (James Gray)
Date: Thu Jan 12 21:26:50 2006
Subject: Suggested addition to default filename and filetype rules
Message-ID:

Maybe it's just our site, but was there a reason Windows Media files were left out when Quicktime/MPEG/etc were included for denial?

For the archives, here's what we have in our (modified) rules:

<<< filename.rules.conf >>>
# Deny Windows Media etc
deny	\.wm[adsvz]	Windows Media Format	We don't allow Windows Media Files
deny	\.w[av]x	Windows Media Format	No Windows media metafile links
deny	\.as[fx]	Windows Media Format	We don't allow Windows Media Files

<<< filetype.rules.conf >>>
deny	ASF	No Windows Media	No Windows Media files allowed

As always, fields are separated by *TABS*.

After files have been modified, restart MailScanner. Voila - bye-bye Windows media :) BTW, I realise I could probably write a nice funky regex to combine all the various incantations of wma/wmd/.../wvx but I figured three rules wouldn't drastically hit the performance.

Cheers,

James
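Added example (not part of the post above and not MailScanner's own code): a small Python evaluator for rule lines in the four-field, tab-separated layout shown in the post, comparing the three filename rules as posted with variants that end in "$". First-match evaluation, case-insensitive matching, the helper names and the sample attachment names are assumptions or constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    pattern: "re.Pattern[str]"   # compiled filename regex
    log_text: str                # text written to the log
    user_text: str               # text shown to the user
    line_no: int


def parse_rules(text: str) -> Tuple[List[Rule], List[str]]:
    """Parse lines of the form: action<TAB>regex<TAB>log text<TAB>user text."""
    rules: List[Rule] = []
    errors: List[str] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) != 4:
            # A rule typed with spaces instead of tabs ends up here.
            errors.append(f"line {line_no}: expected 4 tab-separated fields, "
                          f"got {len(fields)}")
            continue
        action, regex, log_text, user_text = fields
        if action.lower() not in ("allow", "deny"):
            errors.append(f"line {line_no}: unknown action {action!r}")
            continue
        try:
            # Assumption: the regex is searched anywhere in the name,
            # ignoring case, unless the rule itself anchors it.
            pattern = re.compile(regex, re.IGNORECASE)
        except re.error as exc:
            errors.append(f"line {line_no}: bad regex: {exc}")
            continue
        rules.append(Rule(action.lower(), pattern, log_text, user_text, line_no))
    return rules, errors


def first_match(rules: List[Rule], filename: str) -> Optional[Rule]:
    """Return the first rule whose regex matches; later rules are not looked at."""
    for rule in rules:
        if rule.pattern.search(filename):
            return rule
    return None


# The three filename rules from the post, as (action, regex, log, user) rows.
POSTED = [
    ("deny", r"\.wm[adsvz]", "Windows Media Format",
     "We don't allow Windows Media Files"),
    ("deny", r"\.w[av]x", "Windows Media Format",
     "No Windows media metafile links"),
    ("deny", r"\.as[fx]", "Windows Media Format",
     "We don't allow Windows Media Files"),
]

# Constructed attachment names; "foo.wma" and "bar.wmaybe" echo the thread.
SAMPLE_NAMES = ["foo.wma", "bar.wmaybe", "Clip.WMV", "playlist.wvx",
                "stream.asf", "notes.txt"]

# Constructed rule line typed with spaces instead of tabs.
SPACE_SEPARATED = "deny \\.wma$ Windows Media Format No Windows Media"


def to_conf(rows, anchored: bool) -> str:
    """Render rows as rule-file text, optionally appending '$' to each regex."""
    suffix = "$" if anchored else ""
    return "\n".join("\t".join((a, p + suffix, log, usr))
                     for a, p, log, usr in rows)


def compare(names: List[str]) -> Dict[str, Tuple[str, str]]:
    """Map each name to (verdict with posted rules, verdict with anchored rules)."""
    as_posted, _ = parse_rules(to_conf(POSTED, anchored=False))
    anchored, _ = parse_rules(to_conf(POSTED, anchored=True))
    result = {}
    for name in names:
        a = first_match(as_posted, name)
        b = first_match(anchored, name)
        result[name] = (a.action if a else "no match",
                        b.action if b else "no match")
    return result


if __name__ == "__main__":
    print(f"{'filename':<14}{'as posted':<12}anchored")
    for name, (posted, anchored) in compare(SAMPLE_NAMES).items():
        print(f"{name:<14}{posted:<12}{anchored}")
    print(parse_rules(SPACE_SEPARATED)[1])
```

"no match" here means none of these three rules fired, so whatever rules follow them in the file would decide.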
From mailscanner at BARENDSE.TO Thu Sep 9 08:12:50 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: Forwarded mail lets spam through Message-ID: I have received such a mail this morning I am block all chinese stuff based on language encoding, still a forward slipped through this morning. Micro$loth OutLook did show Chinese encoding for the e-mail but spamass only reported undesirable language for the mail header not the body. The mail was screwed up however, it was all garbled with visible html garbage Weird stuff... On Wed, 8 Sep 2004, Matt Bullock wrote: > The server isnt whitelisted, and the spam coming through are usually > tagged with a couple points, but not enough to trigger anything. I just > forwarded one of the emails through the server and it was marked as > spam. > > > Regards, > > Matt Bullock > Troika Networks, Inc. > Network Administrator > 805.367.2728 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steve Swaney > Sent: Wednesday, September 08, 2004 9:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Forwarded mail lets spam through > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Matt Bullock >> Sent: Wednesday, September 08, 2004 11:59 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Forwarded mail lets spam through >> > > Snip >> >> Right now SA is catching about 98% of the spam received, it just >> doesn't >> >> tag anything that is forwarded from one particular server. >> > Snip > > Only possible explanation I can think of is that this Server is some how > white listed. What rule sets have you modified? > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > Fortress Systems Ltd. 
> www.fsl.com > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Thu Sep 9 08:18:04 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: Suggested addition to default filename and filetype rules Message-ID: Thanks for the heads up! I completely forgot to block those too. Shouldn't there be a $ at the end of the \.wm[adsvz]$ stuff however? Cheers! Remco On Thu, 9 Sep 2004, James Gray wrote: > Maybe it's just our site, but was there a reason Windows Media files were left > out when Quicktime/MPEG/etc were included for denial? > > For the archives, here's what we have in our (modified) rules: > > <<< filename.rules.conf >>> > # Deny Windows Media etc > deny \.wm[adsvz] Windows Media Format We don't allow Windows Media Files > deny \.w[av]x Windows Media Format No Windows media metafile links > deny \.as[fx] Windows Media Format We don't allow Windows Media Files > > <<< filetype.rules.conf >>> > deny ASF No Windows Media No Windows Media files allowed > > As always, fields are separated by *TABS*. 
> > After files have been modified, restart MailScanner. Voila - bye-bye Windows > media :) BTW, I realise I could probably write a nice funky regex to combine > all the various incantations of wma/wmd/.../wvx but I figured three rules > wouldn't drastically hit the performance. > > Cheers, > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Thu Sep 9 08:28:41 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:50 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: At 23:05 08/09/2004, you wrote: >How can I check which versions of the perl modules in the >install-Clam-SA.tar.gz are installed? perl -Mmodule::name -e 'print $module::name::VERSION' -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From martinh at SOLID-STATE-LOGIC.COM Thu Sep 9 09:37:07 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:50 2006 Subject: Forwarded mail lets spam through Message-ID: Matt have you got the full raw email that you can post on a web/ftp site??? We can then run it through our systems to see what rules it fires and give scores? It could be a specific rule is needed to catch this stuff and one of us may have it already installed. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt Bullock wrote: > The server isnt whitelisted, and the spam coming through are usually > tagged with a couple points, but not enough to trigger anything. I just > forwarded one of the emails through the server and it was marked as > spam. > > > Regards, > > Matt Bullock > Troika Networks, Inc. > Network Administrator > 805.367.2728 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steve Swaney > Sent: Wednesday, September 08, 2004 9:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Forwarded mail lets spam through > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Matt Bullock >>Sent: Wednesday, September 08, 2004 11:59 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Forwarded mail lets spam through >> > > > Snip > >>Right now SA is catching about 98% of the spam received, it just >>doesn't >> >>tag anything that is forwarded from one particular server. >> > > Snip > > Only possible explanation I can think of is that this Server is some how > white listed. What rule sets have you modified? > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > Fortress Systems Ltd. 
> www.fsl.com > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From james at GRAYONLINE.ID.AU Thu Sep 9 10:25:52 2004 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:26:50 2006 Subject: Suggested addition to default filename and filetype rules Message-ID: On Thu, 9 Sep 2004 05:18 pm, Remco Barendse wrote: > Thanks for the heads up! I completely forgot to block those too. > > Shouldn't there be a $ at the end of the \.wm[adsvz]$ stuff however? > > Cheers! > Remco Hmmm - NFI. The rules we have seem to be working :-/ Julian, any input on this one? 
James
--
I gave up Smoking, Drinking and Sex. It was the most *horrifying* 20 minutes of my life!

From james at grayonline.id.au Thu Sep 9 10:30:34 2004
From: james at grayonline.id.au (James Gray)
Date: Thu Jan 12 21:26:50 2006
Subject: Suggested addition to default filename and filetype rules
Message-ID:

On Thu, 9 Sep 2004 05:18 pm, Remco Barendse wrote:
> Thanks for the heads up! I completely forgot to block those too.
>
> Shouldn't there be a $ at the end of the \.wm[adsvz]$ stuff however?
>
> Cheers!
> Remco

Brain fart - the trailing "$" anchors the string so that it's the end. IOW: \.wma will match "foo.wma" and "bar.wmaybe" as well, BUT \.wma$ will match "foo.wma" but NOT "bar.maybe", because it's anchored.

See this is what a second shiraz will do to your brain when consumed 10 minutes after the first! :P

James
--
I fell asleep reading a dull book, and I dreamt that I was reading on, so I woke up from sheer boredom.

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 9 10:37:07 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:50 2006
Subject: razor servers
Message-ID:

All

From memory some people were reporting issues with timeouts on SA.
There was conversion on the sa-users list last night (around midnight GMT) that some of the razor servers where down, but now seems to be fixed I dunno if people who experienced problems on SA timeouts are now seeing things working again, but this may have been the cause... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Thu Sep 9 11:29:15 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:50 2006 Subject: Suggested addition to default filename and filetype rules Message-ID: At 08:18 09/09/2004, you wrote: >On Thu, 9 Sep 2004, James Gray wrote: > >>Maybe it's just our site, but was there a reason Windows Media files were >>left >>out when Quicktime/MPEG/etc were included for denial? 
>> >>For the archives, here's what we have in our (modified) rules: >> >><<< filename.rules.conf >>> >># Deny Windows Media etc >>deny \.wm[adsvz] Windows Media Format We don't allow Windows Media >>Files >>deny \.w[av]x Windows Media Format No Windows media metafile links >>deny \.as[fx] Windows Media Format We don't allow Windows Media >>Files >> >><<< filetype.rules.conf >>> >>deny ASF No Windows Media No Windows Media files allowed I have added the filetype.rules.conf one, but not the filename.rules.conf ones. I don't want my standard ruleset to be too restrictive. Only a very small percentage of you ever edit the files at all, and I don't want to annoy everybody more than I have to. Do we really need to ban all media files at all? Banning the movies is probably good as they tend to be huge and illegal/worthless. But all the audio files as well? Also, does anyone know of any attacks done involving media metafile links? Hopefully these are small and harmless. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Thu Sep 9 13:01:07 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:50 2006 Subject: Suggested addition to default filename and filetype rules Message-ID: Some time ago a friend of mine send me some .wma files that contained scripts. The wma file started IE and opened some website. 
I guess that would qualify it as dangerous :) On Thu, 9 Sep 2004, Julian Field wrote: > At 08:18 09/09/2004, you wrote: >> On Thu, 9 Sep 2004, James Gray wrote: >> >>> Maybe it's just our site, but was there a reason Windows Media files were >>> left >>> out when Quicktime/MPEG/etc were included for denial? >>> >>> For the archives, here's what we have in our (modified) rules: >>> >>> <<< filename.rules.conf >>> >>> # Deny Windows Media etc >>> deny \.wm[adsvz] Windows Media Format We don't allow Windows Media >>> Files >>> deny \.w[av]x Windows Media Format No Windows media metafile >>> links >>> deny \.as[fx] Windows Media Format We don't allow Windows Media >>> Files >>> >>> <<< filetype.rules.conf >>> >>> deny ASF No Windows Media No Windows Media files allowed > > I have added the filetype.rules.conf one, but not the filename.rules.conf > ones. I don't want my standard ruleset to be too restrictive. Only a very > small percentage of you ever edit the files at all, and I don't want to > annoy everybody more than I have to. > Do we really need to ban all media files at all? Banning the movies is > probably good as they tend to be huge and illegal/worthless. But all the > audio files as well? > > Also, does anyone know of any attacks done involving media metafile links? > Hopefully these are small and harmless. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From james_gray at ocs.com Thu Sep 9 13:08:01 2004 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:26:50 2006 Subject: Suggested addition to default filename and filetype rules Message-ID: On Thu, 9 Sep 2004 08:29 pm, Julian Field wrote: > At 08:18 09/09/2004, you wrote: > >On Thu, 9 Sep 2004, James Gray wrote: > >>Maybe it's just our site, but was there a reason Windows Media files were > >>left > >>out when Quicktime/MPEG/etc were included for denial? > >> > >>For the archives, here's what we have in our (modified) rules: > >> > >><<< filename.rules.conf >>> > >># Deny Windows Media etc > >>deny \.wm[adsvz] Windows Media Format We don't allow Windows Media > >>Files > >>deny \.w[av]x Windows Media Format No Windows media metafile > >> links deny \.as[fx] Windows Media Format We don't allow Windows > >> Media Files > >> > >><<< filetype.rules.conf >>> > >>deny ASF No Windows Media No Windows Media files > >> allowed > > I have added the filetype.rules.conf one, but not the filename.rules.conf > ones. I don't want my standard ruleset to be too restrictive. Only a very > small percentage of you ever edit the files at all, and I don't want to > annoy everybody more than I have to. > Do we really need to ban all media files at all? Banning the movies is > probably good as they tend to be huge and illegal/worthless. But all the > audio files as well? > > Also, does anyone know of any attacks done involving media metafile links? > Hopefully these are small and harmless. > -- > Julian Field We block all media files (audio/video) mainly due to the many security holes in Windows and as a secondary reason, the acceptable use policy. 
I'm not aware of any "in the wild" attacks using metafile links, but given Microsoft's track record with their "zone aware" components (IE, Outlook, OE, Windows Media Player etc), we don't take chances either. Every other day someone posts sample exploit code to break the zone-based security features in Windows to Bugtraq! It really is like shooting fish in a barrel :P

I agree with your sentiments though; best not to make things too restrictive by default. At least my original message will be in the archives for anyone who wants to know to lock things down tighter than the default.

FWIW, the string "ASF" only occurs once in all the magic files I've parsed (Solaris 9, FreeBSD and Linux) and in all cases specifically identifies Windows Media - I doubt it would score any false positives from the filetype rules using that string.

Regards,

James

From wright at CYBERVALE.COM Thu Sep 9 13:15:26 2004
From: wright at CYBERVALE.COM (Terran Wright)
Date: Thu Jan 12 21:26:50 2006
Subject: Fw: Install-ClamAV-SA3 failed
Message-ID:

I sent this yesterday but I don't see it on list.

----- Original Message -----
From: Terran Wright
To: MailScanner mailing list
Sent: Wednesday, September 08, 2004 6:10 PM
Subject: Install-ClamAV-SA3 failed

Hey Guys,

I'm preparing a box to be used as a mail gateway. I've installed redHat 9, postfix-2.1.4, MailScanner-4.33.3-1 all were working fine. Then I tried the Install-Clam-SA by doing './INSTALL-rpm.sh' and got the error below:

Starting "make" Stage
make[1]: Entering directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
gcc -c -I/usr/src/redhat/BUILD/Mail-ClamAV-0.11 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -march=i386 -mcpu=i686 -g -DVERSION=\"0.11\" -DXS_VERSION=\"0.11\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE" ClamAV.c
ClamAV.xs:11:20: clamav.h: No such file or directory
ClamAV.xs:19: field `limits' has incomplete type
ClamAV.xs:20: field `st' has incomplete type
ClamAV.xs:24: confused by earlier errors, bailing out
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your Inline C code. The command that failed was:
make

The build directory was:
/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output files.

at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 159
BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 447.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.73585 (%build)

RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.73585 (%build)
Missing file /usr/src/redhat/RPMS/noarch/perl-Mail-ClamAV-0.11-1.noarch.rpm.
Maybe it did not build correctly?
* * This Could Be A Problem. Press Ctrl-S Now!!

What should I look for in the build directory? I have also attached the output of the installation from as far back as the session would allow.

MailScanner -v output:

This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)
This is MailScanner version 4.33.3
Module versions are:
1.00 AnyDBM_File
1.13 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.13 File::Temp
1.23 HTML::Entities
3.26 HTML::Parser
2.24 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
2.12 MIME::Base64
5.403 MIME::Decoder
5.403 MIME::Decoder::UU
5.403 MIME::Head
5.406 MIME::Parser
5.411 MIME::Tools
0.09 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
missing Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV
missing Net::DNS

So as to not include too much info let me await a reply. Any ideas where the problem lies?

Thanks Guys

From tonioli at K2SISTEMAS.COM.BR Thu Sep 9 15:17:34 2004
From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli)
Date: Thu Jan 12 21:26:50 2006
Subject: Fw: Install-ClamAV-SA3 failed
Message-ID:
You need to install clamav-devel
 
Felipe Tonioli 
 
 -----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Terran Wright
Sent: Thursday, September 09, 2004 9:15 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] Fw: Install-ClamAV-SA3 failed

 
I sent this yesterday but I don't see it on list.
----- Original Message -----
Sent: Wednesday, September 08, 2004 6:10 PM
Subject: Install-ClamAV-SA3 failed

Hey Guys,
 
I'm preparing a box to be used as a mail gateway. I've installed redHat 9, postfix-2.1.4, MailScanner-4.33.3-1 all were working fine. Then I tried the Install-Clam-SA by doing './INSTALL-rpm.sh' and got the error below:
 
 
Starting "make" Stage
make[1]: Entering directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp  -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap   ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
gcc -c  -I/usr/src/redhat/BUILD/Mail-ClamAV-0.11 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -march=i386 -mcpu=i686 -g   -DVERSION=\"0.11\" -DXS_VERSION=\"0.11\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE"   ClamAV.c
ClamAV.xs:11:20: clamav.h: No such file or directory
ClamAV.xs:19: field `limits' has incomplete type
ClamAV.xs:20: field `st' has incomplete type
ClamAV.xs:24: confused by earlier errors, bailing out
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
 
 
 
A problem was encountered while attempting to compile and install your Inline
C code. The command that failed was:
  make
 
The build directory was:
/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV
 
To debug the problem, cd to the build directory, and inspect the output files.
 
 at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 159
BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 447.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.73585 (%build)
 

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.73585 (%build)
 
 
 
Missing file /usr/src/redhat/RPMS/noarch/perl-Mail-ClamAV-0.11-1.noarch.rpm.
Maybe it did not build correctly?
*
* This Could Be A Problem. Press Ctrl-S Now!!
 
what should I look for in the build directory? I have also attached the output of the installation from as far back as the session would allow.
 
 
 
MailScanner -v output:
 
This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)
This is MailScanner version 4.33.3
Module versions are:
1.00    AnyDBM_File
1.13    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
2.12    MIME::Base64
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime
Optional module versions are:
missing Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV
missing Net::DNS
 
 
So as to not include too much info let me await a reply.
 
Any ideas where the problem lies?
 
Thanks Guys
From ree at THUNDERSTAR.NET Thu Sep 9 15:19:34 2004
From: ree at THUNDERSTAR.NET (Ron E.)
Date: Thu Jan 12 21:26:50 2006
Subject: MCP Checks
Message-ID:

Dear All,

I've recently upgraded to the latest stable MailScanner and I've disabled MCP checks and yet I am getting entries in the maillog like these:

MCP Checks completed at xxxxx bytes per second

Anyone know if this indicates MCP checks are actually happening anyway? When I first put this machine online it was having trouble keeping up so I'm interested in disabling anything I don't need at the moment.

Regards,
Ron

From EGTSWNZXKEEC at SPAMMOTEL.COM Thu Sep 9 15:49:33 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:50 2006
Subject: Razor Servers - Connection refused
Message-ID:

When checking Razor with razor-check -d I see that the connection is refused from all razor servers. Do others have similar problems ?

Thanks
Frank.

From jaearick at COLBY.EDU Thu Sep 9 16:13:21 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:50 2006
Subject: Suggested addition to default filename and filetype rules
Message-ID:

Julian,

Could you post your revised file to the list, so we can put the "Julian approved" rules into action now?

Jeff Earickson

On Thu, 9 Sep 2004, Remco Barendse wrote:
> Date: Thu, 9 Sep 2004 14:01:07 +0200
> From: Remco Barendse
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Suggested addition to default filename and filetype rules
>
> Some time ago a friend of mine sent me some .wma files that contained
> scripts. The wma file started IE and opened some website.
>
> I guess that would qualify it as dangerous :)
>
> On Thu, 9 Sep 2004, Julian Field wrote:
>
>> At 08:18 09/09/2004, you wrote:
>>> On Thu, 9 Sep 2004, James Gray wrote:
>>>
>>>> Maybe it's just our site, but was there a reason Windows Media files were left
>>>> out when Quicktime/MPEG/etc were included for denial?
>>>>
>>>> For the archives, here's what we have in our (modified) rules:
>>>>
>>>> <<< filename.rules.conf >>>
>>>> # Deny Windows Media etc
>>>> deny \.wm[adsvz] Windows Media Format We don't allow Windows Media Files
>>>> deny \.w[av]x Windows Media Format No Windows media metafile links
>>>> deny \.as[fx] Windows Media Format We don't allow Windows Media Files
>>>>
>>>> <<< filetype.rules.conf >>>
>>>> deny ASF No Windows Media No Windows Media files allowed
>>
>> I have added the filetype.rules.conf one, but not the filename.rules.conf
>> ones. I don't want my standard ruleset to be too restrictive. Only a very
>> small percentage of you ever edit the files at all, and I don't want to
>> annoy everybody more than I have to.
>> Do we really need to ban all media files at all? Banning the movies is
>> probably good as they tend to be huge and illegal/worthless. But all the
>> audio files as well?
>>
>> Also, does anyone know of any attacks done involving media metafile links?
>> Hopefully these are small and harmless.
>> --
>> Julian Field
>> www.MailScanner.info
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 9 16:17:12 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:50 2006
Subject: Razor Servers - Connection refused
Message-ID:

Frank

see my earlier email - should have been sorted, info from the sa-users list..

http://issues.apache.org/eyebrowse/BrowseList?listName=users@spamassassin.apache.org&by=thread&from=879573

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Frank wrote:
> When checking Razor with razor-check -d I see that the connection
> is refused from all razor servers. Do others have similar problems ?
>
> Thanks
> Frank.

From hburbano at NOVADEVICES.COM Thu Sep 9 16:24:41 2004
From: hburbano at NOVADEVICES.COM (Henry Burbano)
Date: Thu Jan 12 21:26:50 2006
Subject: test virus problem
Message-ID:

Hello,
I tested my server with www.testvirus.org, I have problems with test#23, maybe I need to configure something else in my configuration files.

Test#23 is:

This test message contains: Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability" (attachment can be opened by all versions of Microsoft Outlook and Outlook Express)

All advice or clues are welcome....

Thanks

From mailscanner at BARENDSE.TO Thu Sep 9 16:27:47 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:50 2006
Subject: Suggested addition to default filename and filetype rules
Message-ID:

On Thu, 9 Sep 2004, Julian Field wrote:

> At 08:18 09/09/2004, you wrote:
>> On Thu, 9 Sep 2004, James Gray wrote:
>>
>>> Maybe it's just our site, but was there a reason Windows Media files were left
>>> out when Quicktime/MPEG/etc were included for denial?
>>>
>>> For the archives, here's what we have in our (modified) rules:
>>>
>>> <<< filename.rules.conf >>>
>>> # Deny Windows Media etc
>>> deny \.wm[adsvz] Windows Media Format We don't allow Windows Media Files
>>> deny \.w[av]x Windows Media Format No Windows media metafile links
>>> deny \.as[fx] Windows Media Format We don't allow Windows Media Files
>>>
>>> <<< filetype.rules.conf >>>
>>> deny ASF No Windows Media No Windows Media files allowed
>
> I have added the filetype.rules.conf one, but not the filename.rules.conf
> ones. I don't want my standard ruleset to be too restrictive. Only a very
> small percentage of you ever edit the files at all, and I don't want to
> annoy everybody more than I have to.
> Do we really need to ban all media files at all? Banning the movies is
> probably good as they tend to be huge and illegal/worthless. But all the
> audio files as well?
>
> Also, does anyone know of any attacks done involving media metafile links?
> Hopefully these are small and harmless.

Why not include them in the file but comment them out by default? I don't want people in our domain to send/receive such files anyway but it is helpful as a reminder :)

From mailscanner at ecs.soton.ac.uk Thu Sep 9 16:29:30 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: MCP Checks
Message-ID:

The MCP checks are not working as you have disabled them. It just happens to still output a bit of the logging info. Don't worry about it.

At 15:19 09/09/2004, you wrote:
>Dear All,
>
>I've recently upgraded to the latest stable MailScanner and I've disabled
>MCP checks and yet I am getting entries in the maillog like these:
>
>MCP Checks completed at xxxxx bytes per second
>
>Anyone know if this indicates MCP checks are actually happening anyway?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From worker at MOMPOPMEDIA.COM Thu Sep 9 16:41:09 2004
From: worker at MOMPOPMEDIA.COM (Michael Caplan)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

Hi,

I'm pretty new to MailScanner and its wonderful ways. I hope this question is not a tired one:

I need to configure MailScanner so that it will check the contents of all archives against filename.rules.conf (as it does by default), except I need to make an exception for zip file contents. In filename.rules.conf I have .exe files banned. I want to allow them to pass in .zip files, provided that they pass my virus scanner (ClamAV). For the time being I set Maximum Archive Depth = 0 in order to avoid filename checks in Zips outright (a bad temp solution). How would one go about such a setup (if it is possible)?

I searched through the List and FAQ to see if my question has already been answered with no luck.

Thanks!

Michael

From mailscanner at ecs.soton.ac.uk Thu Sep 9 16:42:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: New dangerous attachment filenames
Message-ID:

Microsoft have apparently expanded their list of "High-risk file types" with the release of Windows XP SP2. The new list of high-risk dangerous attachments they have added are:

.ade .adp .app .asp .bas .bat .cer .chm .cmd .com .cpl .crt .csh .exe .fxp .hlp .hta .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .msc .msi .msp .mst .ops .pcd .pif .prf .prg .pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh

I have added what are apparently the worst of these to the default filename.rules.conf file. The new file is attached.

[ Part 2, Application/OCTET-STREAM (Name: "filename.rules.conf") ]
[ 8.2KB. ]
[ Unable to print this part. ]
[ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Thu Sep 9 16:51:40 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:50 2006
Subject: test virus problem
Message-ID:

Henry Burbano wrote:
> Hello,
> I tested my server with www.testvirus.org, I have problems with test#23,
> maybe I need to configure something else in my configuration files.
>
> Test#23 is:
>
> This test message contains: Test #23: Eicar virus within zip file hidden
> using the "Empty MIME Boundary Vulnerability" (attachment can be opened by
> all versions of Microsoft Outlook and Outlook Express)
>
> All advice or clues are welcome....

Search the mailing list archives for "testvirus.org". The answer is there.

>
> Thanks
>

From mailscanner at ecs.soton.ac.uk Thu Sep 9 17:06:23 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: test virus problem
Message-ID:

Please search the mailing list archives for "testvirus", this has been discussed plenty of times before.

At 16:24 09/09/2004, you wrote:
>Hello,
>I tested my server with www.testvirus.org, I have problems with test#23,
>maybe I need to configure something else in my configuration files.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mynamewasgone at gmail.com Thu Sep 9 17:10:27 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:50 2006
Subject: test virus problem
Message-ID:

On Thu, 9 Sep 2004 10:24:41 -0500, Henry Burbano wrote:
> All advice or clues are welcome....

Hello, this list has an archive, the address is at the bottom of every message, and is linked to on the page with the sign up details, you should try and use it before you post. A search would have told you that there have been plenty of posts about testvirus.org.

Try this post, although it does appear that they've changed the numbering of their tests.

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R141186&I=-1

A search for testvirus will return more information if you need it.

Regards,

From mailscanner at ecs.soton.ac.uk Thu Sep 9 17:11:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

At 16:41 09/09/2004, you wrote:
>Hi,
>
>I'm pretty new to MailScanner and its wonderful ways. I hope this
>question is not a tired one:
>
>I need to configure MailScanner so that it will check the contents of
>all archives against filename.rules.conf (as it does by default), except
>I need to make an exception for zip file contents. In
>filename.rules.conf I have .exe files banned. I want to allow them to
>pass in .zip files, provided that they pass my virus scanner (ClamAV).
>For the time being I set Maximum Archive Depth = 0 in order to avoid
>filename checks in Zips outright (a bad temp solution). How would one
>go about such a setup (if it is possible)?

Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated adding a second entire set of filename and filetype rules, for checking against archive contents. However, it was agreed at the time that so few people would actually want to be able to do this that it would just add confusion without adding much extra useful functionality.

I want to make MailScanner flexible, but if I add too much configuration then people just don't understand how to use it and the extra flexibility is never used. How many people know how to change the font used in "Ok" buttons in Xt applications? Yes, you can do it, someone may need to, but no-one ever does use the fine-grained configuration in X applications because it is too darned hard and no-one understands how it works.

Also, more configuration options = more code to execute = slower :-(

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

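[Added example, not part of any list message and not MailScanner's own code.] The trade-off argued over in the "filename rules inside of an archive" thread, modelled as a small Python sketch: first-match filename rules applied to an attachment and to the members of a zip. The rule parsing, case-insensitive matching, the refusal of over-deep nesting, the .exe/.pif rules and the separate member rule set are assumptions for illustration; only the Windows Media patterns and the meaning of depth 0 come from the posts.

```python
import io
import re
import zipfile

# "action  regex  text" lines in the filename.rules.conf layout quoted in the
# thread. The Windows Media patterns are the ones posted by James Gray; the
# .exe and .pif rules are constructed for this example.
TOP_LEVEL_RULES = r"""
deny  \.wm[adsvz]  Windows Media Format  We don't allow Windows Media Files
deny  \.w[av]x     Windows Media Format  No Windows media metafile links
deny  \.as[fx]     Windows Media Format  We don't allow Windows Media Files
deny  \.exe$       Executable            constructed rule
deny  \.pif$       Program shortcut      constructed rule
"""

# Hypothetical second rule set used only for archive members (the feature that
# was contemplated in the thread but not added): zipped .exe passes, .pif does not.
ARCHIVE_MEMBER_RULES = r"""
deny  \.pif$       Program shortcut      constructed rule
"""


def parse_rules(text):
    """Return [(action, compiled_regex, report_text)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern, report = line.split(None, 2)
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {line!r}")
        # Case-insensitive matching is an assumption of this sketch.
        rules.append((action, re.compile(pattern, re.IGNORECASE), report))
    return rules


def verdict(filename, rules):
    """The first matching rule decides; a name matching nothing is allowed."""
    for action, regex, _report in rules:
        if regex.search(filename):
            return action
    return "allow"


def check_attachment(name, data, rules, max_depth, member_rules=None,
                     depth=0, prefix=""):
    """Return [(path, verdict)] for an attachment and, if it is a zip, its members.

    max_depth == 0 turns filename checks inside archives off, which is what the
    thread describes for "Maximum Archive Depth = 0".
    """
    active = rules if depth == 0 or member_rules is None else member_rules
    path = prefix + name
    results = [(path, verdict(name, active))]
    if max_depth == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return results
    if depth >= max_depth:
        # Assumption of this sketch: nesting beyond the limit is refused.
        results.append((path + "/(nested too deeply)", "deny"))
        return results
    # Sample data is tiny; a gateway would bound member count and size first.
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            results += check_attachment(info.filename, archive.read(info), rules,
                                        max_depth, member_rules, depth + 1, path + "/")
    return results


def delivered(results):
    """A message part is delivered only if every checked name was allowed."""
    return all(v == "allow" for _path, v in results)


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, payload in members.items():
            zf.writestr(member_name, payload)
    return buf.getvalue()


def demo():
    top = parse_rules(TOP_LEVEL_RULES)
    inner = parse_rules(ARCHIVE_MEMBER_RULES)
    exe_zip = make_zip({"setup.exe": b"constructed placeholder bytes"})
    pif_zip = make_zip({"invoice.pif": b"constructed placeholder bytes"})
    rows = []
    for label, depth, member_rules in (
        ("one rule set, depth 2", 2, None),
        ("one rule set, depth 0", 0, None),
        ("separate member rules, depth 2", 2, inner),
    ):
        for name, data in (("tools.zip", exe_zip), ("docs.zip", pif_zip)):
            res = check_attachment(name, data, top, depth, member_rules)
            rows.append((label, name, delivered(res)))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

With a single rule set the only choices are to block the zipped .exe along with the zipped .pif, or (depth 0) to let both through the filename check and rely on the virus scanner alone.
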
From chris at SCHWEEB.ORG Thu Sep 9 17:29:50 2004 From: chris at SCHWEEB.ORG (Chris Scheib) Date: Thu Jan 12 21:26:50 2006 Subject: Problems with attachments on forwarded emails Message-ID: I am having problems with attachments contained in forwarded emails sent through mailscanner. For example, I have a fax server that sends an email to the user with the fax attached as a TIF file. Some of my users may forward this message to another user in the company. Their client, which is either Mozilla Thunderbird or Microsoft Outlook, is set to forward this email w/ the TIF, as an attachment. When the recpient goes to read this forwarded email, the message they receive shows the body with whatever comments the forwardee may have added, and the attachment containing the original message. When you double click the attached original email, you see the entirety of the original email, but you see it raw. Headers, body, and attachment, all raw. When the user's client is set to forward messages Inline, the message goes through fine, albeit with the body of the old message inline, and the TIF attached to the main email. The best guess I can come up with is that MailScanner is somehow mangling the MIME boundaries somewhere along the process. I have tried this process numerous times on mail servers not filtering using MailScanner, and forwarding attached messages works perfectly. Software Info: Debian Linux Sarge/Testing MailScanner 4.33.3-1 Postfix 2.1.3-1 Procmail 3.22-9 SpamAssassin 2.64-1 F-Prot Virus Scanner I can attach some sample emails if necessary, although I'll have to put them in an archive of some sort so that they don't get mangled further. Thanks, Chris Scheib chris@schweeb.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From worker at MOMPOPMEDIA.COM Thu Sep 9 18:00:45 2004
From: worker at MOMPOPMEDIA.COM (Michael Caplan)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

Hi Julian,

Thanks for the prompt answer. While I agree with your interest in avoiding unnecessary code bloat I'd like to try and bounce an argument (sorry if it is a tried argument) of why such a feature is an important one that benefits consideration.

With the servers I run, and I am sure this scenario plays out with many other environments other than my own, it is important to deny certain filenames in one scenario (a plain .exe attachment), but not another (an .exe zipped up). It is agreed that an executable file is dangerous as a plain attachment, but rolled into a zip, an .exe does not pose the same threat. Also, it comes up on many occasions that a client needs to transmit an otherwise denied file as a legitimate attachment.

One option is deliberately renaming a file extension as a means to get around this, but this creates a level of complexity for the user, and also MailScanner attempts (as far as I understand) to isolate improperly named files using the "file" command anyhow (invalidating this approach). This leaves no other solution other than turning off archive filename checks with Maximum Archive Depth = 0. This is not such a good solution as it then opens up an insecure door (how many of you are getting zips with malicious .pifs throughout the day?)

All said, I see two equally important scenarios in which different rule sets should be applied to attachments and attached archives.

Or, perhaps I am looking at the problem wrong....?

Thanks,

Michael

Julian Field wrote:

> At 16:41 09/09/2004, you wrote:
>
>> Hi,
>>
>> I'm pretty new to MailScanner and its wonderful ways. I hope this
>> question is not a tired one:
>>
>> I need to configure MailScanner so that it will check the contents of
>> all archives against filename.rules.conf (as it does by default), except
>> I need to make an exception for zip file contents. In
>> filename.rules.conf I have .exe files banned. I want to allow them to
>> pass in .zip files, provided that they pass my virus scanner (ClamAV).
>> For the time being I set Maximum Archive Depth = 0 in order to avoid
>> filename checks in Zips outright (a bad temp solution). How would one
>> go about such a setup (if it is possible)?
>
> Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated
> adding a second entire set of filename and filetype rules, for checking
> against archive contents. However, it was agreed at the time that so few
> people would actually want to be able to do this that it would just add
> confusion without adding much extra useful functionality.
>
> I want to make MailScanner flexible, but if I add too much configuration
> then people just don't understand how to use it and the extra flexibility
> is never used. How many people know how to change the font used in "Ok"
> buttons in Xt applications? Yes, you can do it, someone may need to, but
> no-one ever does use the fine-grained configuration in X applications
> because it is too darned hard and no-one understands how it works.
>
> Also, more configuration options = more code to execute = slower :-(
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jeff at IMAGE-SRC.COM Thu Sep 9 19:14:43 2004
From: jeff at IMAGE-SRC.COM (Jeff Graves)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

Wow, I think you were reading my mind. I just ran into the same issue this morning and was looking at options to work around it. I agree that we don't want to bloat the code but to me, this seems like a glaringly obvious feature that people would use. I don't see how you wouldn't need it??? Rather than making an entire separate ruleset for checking archives, how about an on/off toggle for archive filename/filetype checking (this will keep the virus checking for archives).

Jeff Graves, MCSA
Customer Support Engineer
Image Source, Inc.
10 Mill Street
Bellingham, MA 02019

508.966.5200 - Phone
508.966.5170 - Fax
jeff@image-src.com - Email
www.image-src.com

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Caplan
Sent: Thursday, September 09, 2004 1:01 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: filename rules inside of an archive

Hi Julian,

Thanks for the prompt answer. While I agree with your interest in avoiding unnecessary code bloat I'd like to try and bounce an argument (sorry if it is a tried argument) of why such a feature is an important one that benefits consideration.

With the servers I run, and I am sure this scenario plays out with many other environments other than my own, it is important to deny certain filenames in one scenario (a plain .exe attachment), but not another (an .exe zipped up). It is agreed that an executable file is dangerous as a plain attachment, but rolled into a zip, an .exe does not pose the same threat. Also, it comes up on many occasions that a client needs to transmit an otherwise denied file as a legitimate attachment.

One option is deliberately renaming a file extension as a means to get around this, but this creates a level of complexity for the user, and also MailScanner attempts (as far as I understand) to isolate improperly named files using the "file" command anyhow (invalidating this approach). This leaves no other solution other than turning off archive filename checks with Maximum Archive Depth = 0. This is not such a good solution as it then opens up an insecure door (how many of you are getting zips with malicious .pifs throughout the day?)

All said, I see two equally important scenarios in which different rule sets should be applied to attachments and attached archives.

Or, perhaps I am looking at the problem wrong....?

Thanks,

Michael

Julian Field wrote:

> At 16:41 09/09/2004, you wrote:
>
>> Hi,
>>
>> I'm pretty new to MailScanner and its wonderful ways. I hope this
>> question is not a tired one:
>>
>> I need to configure MailScanner so that it will check the contents of
>> all archives against filename.rules.conf (as it does by default), except
>> I need to make an exception for zip file contents. In
>> filename.rules.conf I have .exe files banned. I want to allow them to
>> pass in .zip files, provided that they pass my virus scanner (ClamAV).
>> For the time being I set Maximum Archive Depth = 0 in order to avoid
>> filename checks in Zips outright (a bad temp solution). How would one
>> go about such a setup (if it is possible)?
>
> Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated
> adding a second entire set of filename and filetype rules, for checking
> against archive contents. However, it was agreed at the time that so few
> people would actually want to be able to do this that it would just add
> confusion without adding much extra useful functionality.
>
> I want to make MailScanner flexible, but if I add too much configuration
> then people just don't understand how to use it and the extra flexibility
> is never used. How many people know how to change the font used in "Ok"
> buttons in Xt applications? Yes, you can do it, someone may need to, but
> no-one ever does use the fine-grained configuration in X applications
> because it is too darned hard and no-one understands how it works.
>
> Also, more configuration options = more code to execute = slower :-(
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From worker at MOMPOPMEDIA.COM Thu Sep 9 19:23:50 2004
From: worker at MOMPOPMEDIA.COM (Michael Caplan)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

Hi Jeff,

>it??? Rather than making an entire separate ruleset for checking
>archives, how about an on/off toggle for archive filename/filetype
>checking (this will keep the virus checking for archives).

Isn't this what Maximum Archive Depth = 0 does already? I think what I am getting at is a separate ruleset for archives.

Michael

>Jeff Graves, MCSA
>Customer Support Engineer
>Image Source, Inc.
>10 Mill Street
>Bellingham, MA 02019
>
>508.966.5200 - Phone
>508.966.5170 - Fax
>jeff@image-src.com - Email
>www.image-src.com
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Michael Caplan
>Sent: Thursday, September 09, 2004 1:01 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: filename rules inside of an archive
>
>Hi Julian,
>
>Thanks for the prompt answer. While I agree with your interest in
>avoiding unnecessary code bloat I'd like to try and bounce an argument
>(sorry if it is a tried argument) of why such a feature is an important
>one that benefits consideration.
>
>With the servers I run, and I am sure this scenario plays out with many
>other environments other than my own, it is important to deny certain
>filenames in one scenario (a plain .exe attachment), but not another (an
>.exe zipped up). It is agreed that an executable file is dangerous as a
>plain attachment, but rolled into a zip, an .exe does not pose the same
>threat. Also, it comes up on many occasions that a client needs to
>transmit an otherwise denied file as a legitimate attachment.
>
>One option is deliberately renaming a file extension as a means to get
>around this, but this creates a level of complexity for the user, and
>also MailScanner attempts (as far as I understand) to isolate improperly
>named files using the "file" command anyhow (invalidating this
>approach). This leaves no other solution other than turning off archive
>filename checks with Maximum Archive Depth = 0. This is not such a good
>solution as it then opens up an insecure door (how many of you are
>getting zips with malicious .pifs throughout the day?)
>
>All said, I see two equally important scenarios in which different rule
>sets should be applied to attachments and attached archives.
>
>Or, perhaps I am looking at the problem wrong....?
>
>Thanks,
>
>Michael
>
>Julian Field wrote:
>
>>At 16:41 09/09/2004, you wrote:
>>
>>>Hi,
>>>
>>>I'm pretty new to MailScanner and its wonderful ways. I hope this
>>>question is not a tired one:
>>>
>>>I need to configure MailScanner so that it will check the contents of
>>>all archives against filename.rules.conf (as it does by default), except
>>>I need to make an exception for zip file contents. In
>>>filename.rules.conf I have .exe files banned. I want to allow them to
>>>pass in .zip files, provided that they pass my virus scanner (ClamAV).
>>>For the time being I set Maximum Archive Depth = 0 in order to avoid
>>>filename checks in Zips outright (a bad temp solution). How would one
>>>go about such a setup (if it is possible)?
>>
>>Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated
>>adding a second entire set of filename and filetype rules, for checking
>>against archive contents. However, it was agreed at the time that so few
>>people would actually want to be able to do this that it would just add
>>confusion without adding much extra useful functionality.
>>
>>I want to make MailScanner flexible, but if I add too much configuration
>>then people just don't understand how to use it and the extra flexibility
>>is never used. How many people know how to change the font used in "Ok"
>>buttons in Xt applications? Yes, you can do it, someone may need to, but
>>no-one ever does use the fine-grained configuration in X applications
>>because it is too darned hard and no-one understands how it works.
>>
>>Also, more configuration options = more code to execute = slower :-(
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jeff at IMAGE-SRC.COM Thu Sep 9 19:33:04 2004
From: jeff at IMAGE-SRC.COM (Jeff Graves)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

I thought that setting it to 0 would also turn off virus checking...

Jeff Graves, MCSA
Customer Support Engineer
Image Source, Inc.
10 Mill Street
Bellingham, MA 02019

508.966.5200 - Phone
508.966.5170 - Fax
jeff@image-src.com - Email
www.image-src.com

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Caplan
Sent: Thursday, September 09, 2004 2:24 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: filename rules inside of an archive

Hi Jeff,

>it??? Rather than making an entire separate ruleset for checking
>archives, how about an on/off toggle for archive filename/filetype
>checking (this will keep the virus checking for archives).

Isn't this what Maximum Archive Depth = 0 does already? I think what I am getting at is a separate ruleset for archives.

Michael

>Jeff Graves, MCSA
>Customer Support Engineer
>Image Source, Inc.
>10 Mill Street
>Bellingham, MA 02019
>
>508.966.5200 - Phone
>508.966.5170 - Fax
>jeff@image-src.com - Email
>www.image-src.com
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Michael Caplan
>Sent: Thursday, September 09, 2004 1:01 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: filename rules inside of an archive
>
>Hi Julian,
>
>Thanks for the prompt answer. While I agree with your interest in
>avoiding unnecessary code bloat I'd like to try and bounce an argument
>(sorry if it is a tried argument) of why such a feature is an important
>one that benefits consideration.
>
>With the servers I run, and I am sure this scenario plays out with many
>other environments other than my own, it is important to deny certain
>filenames in one scenario (a plain .exe attachment), but not another (an
>.exe zipped up). It is agreed that an executable file is dangerous as a
>plain attachment, but rolled into a zip, an .exe does not pose the same
>threat. Also, it comes up on many occasions that a client needs to
>transmit an otherwise denied file as a legitimate attachment.
>
>One option is deliberately renaming a file extension as a means to get
>around this, but this creates a level of complexity for the user, and
>also MailScanner attempts (as far as I understand) to isolate improperly
>named files using the "file" command anyhow (invalidating this
>approach). This leaves no other solution other than turning off archive
>filename checks with Maximum Archive Depth = 0. This is not such a good
>solution as it then opens up an insecure door (how many of you are
>getting zips with malicious .pifs throughout the day?)
>
>All said, I see two equally important scenarios in which different rule
>sets should be applied to attachments and attached archives.
>
>Or, perhaps I am looking at the problem wrong....?
>
>Thanks,
>
>Michael
>
>Julian Field wrote:
>
>>At 16:41 09/09/2004, you wrote:
>>
>>>Hi,
>>>
>>>I'm pretty new to MailScanner and its wonderful ways. I hope this
>>>question is not a tired one:
>>>
>>>I need to configure MailScanner so that it will check the contents of
>>>all archives against filename.rules.conf (as it does by default), except
>>>I need to make an exception for zip file contents. In
>>>filename.rules.conf I have .exe files banned. I want to allow them to
>>>pass in .zip files, provided that they pass my virus scanner (ClamAV).
>>>For the time being I set Maximum Archive Depth = 0 in order to avoid
>>>filename checks in Zips outright (a bad temp solution). How would one
>>>go about such a setup (if it is possible)?
>>
>>Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated
>>adding a second entire set of filename and filetype rules, for checking
>>against archive contents. However, it was agreed at the time that so few
>>people would actually want to be able to do this that it would just add
>>confusion without adding much extra useful functionality.
>>
>>I want to make MailScanner flexible, but if I add too much configuration
>>then people just don't understand how to use it and the extra flexibility
>>is never used. How many people know how to change the font used in "Ok"
>>buttons in Xt applications? Yes, you can do it, someone may need to, but
>>no-one ever does use the fine-grained configuration in X applications
>>because it is too darned hard and no-one understands how it works.
>>
>>Also, more configuration options = more code to execute = slower :-(
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From worker at MOMPOPMEDIA.COM Thu Sep 9 19:54:53 2004
From: worker at MOMPOPMEDIA.COM (Michael Caplan)
Date: Thu Jan 12 21:26:50 2006
Subject: filename rules inside of an archive
Message-ID:

Huh. My original assumption was that MailScanner piped the archive over to the resident AV scanner regardless of Maximum Archive Depth = 0. I thought that meant that the filename rules were circumvented.

I just went through some archives that made it through MailScanner because of Maximum Archive Depth = 0 and ran them against ClamAV (which is the AV tied into MailScanner on my machine). Assumption wrong. All the files were infected.

Wow, that's pretty troubling. So Maximum Archive Depth = 0 really means that all archives are ignored entirely?!? I fail to see what the point of such a feature is then. Can someone explain? Is there ever a scenario where you would want MailScanner not to scan archives for viruses? (if that is the case, why bother scanning any attachment then, considering that many viruses these days are packed into zips?)

Thanks,

Michael

Jeff Graves wrote:

>I thought that setting it to 0 would also turn off virus checking...
>
>Jeff Graves, MCSA
>Customer Support Engineer
>Image Source, Inc.
>10 Mill Street
>Bellingham, MA 02019
>
>508.966.5200 - Phone
>508.966.5170 - Fax
>jeff@image-src.com - Email
>www.image-src.com
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Michael Caplan
>Sent: Thursday, September 09, 2004 2:24 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: filename rules inside of an archive
>
>Hi Jeff,
>
>>it??? Rather than making an entire separate ruleset for checking
>>archives, how about an on/off toggle for archive filename/filetype
>>checking (this will keep the virus checking for archives).
>
>Isn't this what Maximum Archive Depth = 0 does already? I think what I
>am getting at is a separate ruleset for archives.
>
>Michael
>
>>Jeff Graves, MCSA
>>Customer Support Engineer
>>Image Source, Inc.
>>10 Mill Street
>>Bellingham, MA 02019
>>
>>508.966.5200 - Phone
>>508.966.5170 - Fax
>>jeff@image-src.com - Email
>>www.image-src.com
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Michael Caplan
>>Sent: Thursday, September 09, 2004 1:01 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: filename rules inside of an archive
>>
>>Hi Julian,
>>
>>Thanks for the prompt answer. While I agree with your interest in
>>avoiding unnecessary code bloat I'd like to try and bounce an argument
>>(sorry if it is a tried argument) of why such a feature is an important
>>one that benefits consideration.
>>
>>With the servers I run, and I am sure this scenario plays out with many
>>other environments other than my own, it is important to deny certain
>>filenames in one scenario (a plain .exe attachment), but not another (an
>>.exe zipped up). It is agreed that an executable file is dangerous as a
>>plain attachment, but rolled into a zip, an .exe does not pose the same
>>threat. Also, it comes up on many occasions that a client needs to
>>transmit an otherwise denied file as a legitimate attachment.
>>
>>One option is deliberately renaming a file extension as a means to get
>>around this, but this creates a level of complexity for the user, and
>>also MailScanner attempts (as far as I understand) to isolate improperly
>>named files using the "file" command anyhow (invalidating this
>>approach). This leaves no other solution other than turning off archive
>>filename checks with Maximum Archive Depth = 0. This is not such a good
>>solution as it then opens up an insecure door (how many of you are
>>getting zips with malicious .pifs throughout the day?)
>>
>>All said, I see two equally important scenarios in which different rule
>>sets should be applied to attachments and attached archives.
>>
>>Or, perhaps I am looking at the problem wrong....?
>>
>>Thanks,
>>
>>Michael
>>
>>Julian Field wrote:
>>
>>>At 16:41 09/09/2004, you wrote:
>>>
>>>>Hi,
>>>>
>>>>I'm pretty new to MailScanner and its wonderful ways. I hope this
>>>>question is not a tired one:
>>>>
>>>>I need to configure MailScanner so that it will check the contents of
>>>>all archives against filename.rules.conf (as it does by default), except
>>>>I need to make an exception for zip file contents. In
>>>>filename.rules.conf I have .exe files banned. I want to allow them to
>>>>pass in .zip files, provided that they pass my virus scanner (ClamAV).
>>>>For the time being I set Maximum Archive Depth = 0 in order to avoid
>>>>filename checks in Zips outright (a bad temp solution). How would one
>>>>go about such a setup (if it is possible)?
>>>
>>>Sorry, the "Maximum Archive Depth=0" is the best solution. I contemplated
>>>adding a second entire set of filename and filetype rules, for checking
>>>against archive contents. However, it was agreed at the time that so few
>>>people would actually want to be able to do this that it would just add
>>>confusion without adding much extra useful functionality.
>>>
>>>I want to make MailScanner flexible, but if I add too much configuration
>>>then people just don't understand how to use it and the extra flexibility
>>>is never used. How many people know how to change the font used in "Ok"
>>>buttons in Xt applications? Yes, you can do it, someone may need to, but
>>>no-one ever does use the fine-grained configuration in X applications
>>>because it is too darned hard and no-one understands how it works.
>>>
>>>Also, more configuration options = more code to execute = slower :-(
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>Professional Support Services at www.MailScanner.biz
>>>MailScanner thanks transtec Computers for their support
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jrudd at UCSC.EDU Thu Sep 9 20:33:48 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:50 2006
Subject: New dangerous attachment filenames
Message-ID:

Julian Field wrote:
>
> .csh
> .ksh

Hm. If these two are what I think they are (c shell and k shell scripts under cygwin?) I wonder why they didn't include .sh and .pl

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mkettler at EVI-INC.COM Thu Sep 9 21:14:53 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:50 2006
Subject: test virus problem
Message-ID:

At 12:10 PM 9/9/2004, Richard Brown wrote:
>A search would have told you that there have been plenty posts about
>testvirus.org. Try this post, although it does appear that they've
>changed the numbering of their tests.
>
>http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R141186&I=-1

That particular post isn't a particularly good refute of testvirus.org's claims. Julian tested it with Eudora, as did I, but testvirus.org claims Outlook clients can open it.

Is there any evidence which specifically contradicts the claim that Outlook can parse these messages? Clearly testing Eudora isn't a good method of dismissing claims Outlook is vulnerable.

I've been searching the archives extensively and have not found a post that addresses the issue with anything more specific than Julian's post above. Nearly all questions regarding this since Julian's post have been responded to with "It's not an issue, search the archives" replies.

Anyone have a link to a post which does show this is a real non-issue?

I'll also grant that this is more of a Mime-tools issue than a MailScanner issue, but that alone doesn't make it non-real.

In theory if one is particularly concerned about the empty mime boundary issue, you can easily pick them off with a SpamAssassin rule:

header MIME_EMPTY_BOUNDARY Content-Type =~ /boundary\=(?!.)/i
score MIME_EMPTY_BOUNDARY 0.1

(I tested this rule briefly, verified it matched the test #23 email, and hasn't matched any of the 35 inbound emails in the past couple minutes. It should however be regarded as not well tested)

From itdept at FRACTALWEB.COM Thu Sep 9 22:29:10 2004
From: itdept at FRACTALWEB.COM (Fractal IT Dept.)
Date: Thu Jan 12 21:26:50 2006
Subject: definition: messages per month?
Message-ID:

Hi everyone,

It occurred to me that we may be using different definitions of the word "messages" when referring to the number of messages our servers process per month.

I generally think of a single message as a single email, regardless of the number of "to", "cc", or "bcc" recipients. But perhaps if a message has 10 recipients, it should be classed as 10 messages? This becomes particularly significant as one compares weekly and monthly volumes.

For example, my server processed 4,980 total (in and out) "messages" (first definition), but there were really 24,266 "messages" processed, once one takes into account messages with multiple recipients.

With this taken into account, where we were once thinking that by comparison's sake, our server only processed about 115k messages per month, the real number may be more like 575k.

So, in the first case, I suppose I should be talking about "message envelopes"? Or am I off base?

What are other people's thoughts on this?

Cheers,
Chris


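Matt Kettler's MIME_EMPTY_BOUNDARY rule from the "test virus problem" message above, exercised over constructed Content-Type headers to show which forms of an empty boundary its pattern does and does not match. This is an added example, not code from the thread: `header_value`, `check`, the sample messages and the `STRICT_RULE` variant are assumptions made here, and the header unfolding only approximates how SpamAssassin presents a header to a rule.

```python
import re

# The pattern from Matt Kettler's rule, unchanged (Perl's /i becomes re.IGNORECASE).
POSTED_RULE = re.compile(r"boundary\=(?!.)", re.IGNORECASE)

# Hypothetical stricter variant, not from the thread: also treats
# boundary="" and a boundary= followed directly by ';' as empty.
STRICT_RULE = re.compile(r'\bboundary\s*=\s*(?:""|(?=;)|$)', re.IGNORECASE)


def header_value(raw_message, name):
    """Return the unfolded value of the first `name` header, or None."""
    # Headers end at the first blank line.
    head = re.split(r"\r?\n\r?\n", raw_message, maxsplit=1)[0]
    # RFC 5322 unfolding: a line break followed by whitespace continues the header.
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", head)
    for line in unfolded.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            return value.strip()
    return None


def check(raw_message):
    """Report whether each pattern fires on the message's Content-Type header."""
    value = header_value(raw_message, "Content-Type")
    if value is None:
        return {"posted": False, "strict": False}
    return {
        "posted": bool(POSTED_RULE.search(value)),
        "strict": bool(STRICT_RULE.search(value)),
    }


# Constructed sample messages (not taken from testvirus.org or from the list).
SAMPLES = {
    "empty_unquoted": (
        "From: a@example.test\r\n"
        "Content-Type: multipart/mixed; boundary=\r\n"
        "\r\nbody\r\n"
    ),
    "empty_folded": (
        "Content-Type: multipart/mixed;\r\n"
        "\tboundary=\r\n"
        "Subject: x\r\n"
        "\r\nbody"
    ),
    "empty_quoted": 'Content-Type: multipart/mixed; boundary=""\r\n\r\nbody',
    "empty_then_param": (
        "Content-Type: multipart/mixed; boundary=; charset=us-ascii\r\n\r\nbody"
    ),
    "normal": (
        'Content-Type: multipart/mixed; boundary="----=_Part_0001"\r\n\r\nbody'
    ),
    "not_multipart": "Content-Type: text/plain; charset=us-ascii\r\n\r\nbody",
}


def scan(samples):
    """Run both patterns over every sample and return the results by name."""
    return {name: check(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in scan(SAMPLES).items():
        print(f"{name:18} posted={result['posted']!s:5} strict={result['strict']}")
```
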
From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 9 22:32:37 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:50 2006 Subject: definition: messages per month? Message-ID: On Thu, 2004-09-09 at 14:29 -0700, Fractal IT Dept. wrote: > What are other people's thoughts on this? I'd go by whatever the SQL logging says :) -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From itdept at FRACTALWEB.COM Thu Sep 9 22:49:06 2004 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:26:51 2006 Subject: definition: messages per month? Message-ID: Michele Neylon : Blacknight Solutions wrote: >I'd go by whatever the SQL logging says :) > > That's what I was going by, using Mailwatch. But that doesn't seem to take into account the extra recipients when there are multiples. Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Thu Sep 9 22:51:43 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:51 2006 Subject: New dangerous attachment filenames Message-ID: On Thu, Sep 09, 2004 at 12:33:48PM -0700, John Rudd wrote: > Julian Field wrote: > > > > > .csh > > > .ksh > > > Hm. If these two are what I think they are (c shell and k shell scripts > under cygwin?) I wonder why they didn't include .sh and .pl or .py, for that matter ... -Eric Rz. 

From rzewnickie at RFA.ORG Thu Sep 9 23:09:05 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:51 2006
Subject: definition: messages per month?
Message-ID:

On Thu, Sep 09, 2004 at 02:49:06PM -0700, Fractal IT Dept. wrote:
> Michele Neylon : Blacknight Solutions wrote:
>
> >I'd go by whatever the SQL logging says :)
> >
> >
> That's what I was going by, using Mailwatch. But that doesn't seem to
> take into account the extra recipients when there are multiples.

I've been meaning to ask about the semantics of this myself for sometime. Since I'm about to run some stats for August (yes, I'm a little behind ... I was out sick most of last week) now's as good a time as any.

In addition to whether to count mails received or mails delivered, I've wondered how others come up with percentages of viruses, spams and other nasties caught. Obviously, I know how many were caught. But, I have to rely solely on user reports of false-positives and false-negatives for percentages missed. I know most of our users don't give us reports, so how can I even estimate these percentages? How do the various stats scripts and packages come up with numbers like these?

And then, if something gets blocked or deleted, do you count how many people would have gotten it? or does each blocked mail count only once since it wasn't split out for delivery?

I get all confused trying to keep this straight for myself. It's even worse trying to explain it to management.

-Eric Rz.

From mbullock at TROIKANETWORKS.COM Thu Sep 9 23:24:19 2004
From: mbullock at TROIKANETWORKS.COM (Matt Bullock)
Date: Thu Jan 12 21:26:51 2006
Subject: Forwarded mail lets spam through
Message-ID:

I don't have the raw message unfortunately, it's already been mangled in Outlook a couple of times :) Let me try and explain the layout a bit better. I have 2 exchange servers serving separate domains/networks. The mailscanner/sendmail box is in a dmz, and forwards smtp to the domains on each exchange server. For one exchange server to send mail to the other it would be routed through the sendmail box in the dmz. The original messages that aren't being tagged as spam are originating from the spammer, then are routed through an ISP of a friend that hosts a domain for me. That email is then forwarded to another email address that I host. The email passed through my friend's ISP isn't being tagged, but if I forward that message back through the sendmail box to my other exchange server it gets tagged as spam.

Did I just complicate things more? :)

Matt

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Thursday, September 09, 2004 1:37 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Forwarded mail lets spam through

Matt

have you got the full raw email that you can post on a web/ftp site???

We can then run it through our systems to see what rules it fires and give scores?

It could be a specific rule is needed to catch this stuff and one of us may have it already installed.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Bullock wrote:
> The server isn't whitelisted, and the spam coming through are usually
> tagged with a couple points, but not enough to trigger anything. I just
> forwarded one of the emails through the server and it was marked as
> spam.
>
>
> Regards,
>
> Matt Bullock
> Troika Networks, Inc.
> Network Administrator
> 805.367.2728
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Swaney
> Sent: Wednesday, September 08, 2004 9:17 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Forwarded mail lets spam through
>
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Matt Bullock
>>Sent: Wednesday, September 08, 2004 11:59 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Forwarded mail lets spam through
>>
>
>
> Snip
>
>>Right now SA is catching about 98% of the spam received, it just doesn't
>>tag anything that is forwarded from one particular server.
>>
>
> Snip
>
> Only possible explanation I can think of is that this Server is some how
> white listed. What rule sets have you modified?
>
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney@fsl.com
>
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From eham at CSULB.EDU Fri Sep 10 01:28:32 2004
From: eham at CSULB.EDU (Eric Ham)
Date: Thu Jan 12 21:26:51 2006
Subject: Eric Ham is out of the office.
Message-ID:

I will be out of the office starting 09/09/2004 and will not return until 09/14/2004.

I will respond to your message when I return. If you need immediate assistance please contact Desktop Support at net-help@csulb.edu or 562-985-8344.

From michele at BLACKNIGHTSOLUTIONS.COM Fri Sep 10 02:04:50 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:26:51 2006
Subject: Eric Ham is out of the office.
Message-ID:

On Thu, 2004-09-09 at 17:28 -0700, Eric Ham wrote:
> I will be out of the office starting 09/09/2004 and will not return until
> 09/14/2004.
>
> I will respond to your message when I return. If you need immediate
> assistance please contact Desktop Support at net-help@csulb.edu or
> 562-985-8344.

Grrr. One of my pet hates. Could someone please unsubscribe him?

Out of Office replies to people posting is bad enough, but sending it to an entire list is crazy

Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

From hden at KCBBS.GEN.NZ Fri Sep 10 02:25:04 2004
From: hden at KCBBS.GEN.NZ (Hendrik den Hartog)
Date: Thu Jan 12 21:26:51 2006
Subject: Help interpreting LOG entry
Message-ID:

We use 2 virus scanners, eTRUST and Sophos. Recently I've had a few entries where Sophos finds a [suspected] virus, but eTRUST reports nothing. All these occurrences involve encrypted files. I do note via an archive search previous similar queries, but no answers that match.

Sep 8 20:22:42 santana MailScanner[28002]: Spam Checks: Starting
Sep 8 20:22:59 santana MailScanner[28002]: Virus and Content Scanning: Starting
Sep 8 20:22:59 santana MailScanner[28002]: SophosSAVI::ERROR:: File was encrypted (530):: ./i888MdNv028368/FengshuiHoroscope1.xls
Sep 8 20:22:59 santana MailScanner[28002]: Virus Scanning: SophosSAVI found 1 infections
Sep 8 20:23:00 santana MailScanner[28002]: Uninfected: Delivered 1 messages

questions..
Is this a virus or is sophos having an 'encrypted file' problem?
Does eTRUST not [able?] scan encrypted files?
Why was the mail delivered anyway?

Cheers!
Hendrik

From kevinold at gmail.com Fri Sep 10 04:25:45 2004
From: kevinold at gmail.com (Kevin Old)
Date: Thu Jan 12 21:26:51 2006
Subject: SPAM Report - Timed out
Message-ID:

On Tue, 7 Sep 2004 11:46:59 -0400, Steve Swaney wrote:
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Martin Hepworth
> > Sent: Tuesday, September 07, 2004 11:12 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: SPAM Report - Timed out
> >
> > Mark
> >
> > had a couple this morning around 10.30 (BST)
> >
> > normally relates to RBL's timing out for me..
> >
> >
>
> I'm working with Mark on this problem and it appears that there were three
> problems - which always makes it a bit difficult to solve.
>
> 1. As Julian suggested there was a ruleset which contained the line:
> To: no
>
> 2. Running The MailWatch SpamAssassin lint test showed that
> debug: RBL: success for 0 of 1 queries 13.12644
> debug: RBL: timeout for rfci-dsn after 20 seconds 0.00019
>
> So find the rule that's timing out:
> # cd /usr/share/spamassassin
> # grep -i rfci-dsn *
> 20_dnsbl_tests.cf:header DNS_FROM_RFCI_DSN
> eval:check_rbl_from_host('rfci-dsn', 'dsn.rfc-ignorant.org.')
>
> vi /etc/MailScanner/spam.assassin.prefs.conf to add the line:
>
> score DNS_FROM_RFCI_DSN 0.0
>
> And reload MailScanner and:
>
> time spamassassin -D \
> -p /etc/MailScanner/spam.assassin.prefs.conf --lint
>
> Dropped from around 20 seconds to about 8 seconds.
>
> 3. It also looked like razor was running a bit slow so we turned off razor
> checks and time to run spamassassin --lint tests dropped to around 2
> seconds.
>
> Is anyone else seeing these same or similar problems?

Yes, I'm seeing something like that. I'm running MailScanner version:

$Id: mailscanner,v 1.142.2.145 2004/08/01 16:34:47 jkf Exp $

I've been getting a lot of these:

Sep 9 23:20:56 s15111287 MailScanner[13385]: SpamAssassin timed out and was killed, failure 2 of 20

I'm not sure what's killing it. I've added the "score DNS_FROM_RFCI_DSN 0.0" like you did above and that seemed to shorten the response time. I also noticed my bayes database was around 8MB so I did a --force-expire and it brought it down to about 5MB.

On another note, I've been seeing a ton of these "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" messages in my maillog.

Sep 9 23:20:06 s15111287 sendmail[13734]: i8A3JunX013734: [220.186.192.185] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 9 23:20:13 s15111287 sendmail[13732]: i8A3JtnX013732: [220.174.221.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 9 23:20:13 s15111287 sendmail[13775]: i8A3KDnX013775: [64.80.63.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Any ideas?
--
Kevin Old
kevinold@gmail.com

From mark at TIPPINGMAR.COM Fri Sep 10 05:42:18 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:51 2006
Subject: MajorSophos
Message-ID:

On Tuesday, September 7, 2004, at 04:01 PM, John Rudd wrote:
> MajorSophos uses mktemp for the TMPDIR initialization, but mktemp isn't
> very portable (at least not to Solaris 8). Here's what I did:

A revised version incorporating your comments is now available at
http://www.tippingmar.com/majorsophos

From the changelog:

9-09-2004: Now falls back to simple temp directory naming if "mktemp" program is unavailable. Also cleans up after itself better if download fails. Added default values (commented out) for non-rpm installations of MailScanner.

Thanks for the suggestions.

Mark Nienberg

From Mathias.Koerber at LIGHTSPEED.COM.SG Fri Sep 10 05:45:47 2004
From: Mathias.Koerber at LIGHTSPEED.COM.SG (Mathias Koerber)
Date: Thu Jan 12 21:26:51 2006
Subject: Message-ID matching
Message-ID:

Date: Sat, 4 Sep 2004 16:02:30 -0500
Reply-To: MailScanner mailing list
From: Alex Neuman van der Hans
Subject: Re: Message-ID matching

You can try the "bogus virus warnings" SpamAssassin rules. Works pretty well most of the time.

That may help some, but I am more after a generic solution which makes MailScanner remember the Message-IDs of messages sent out, so that replies that carry these in the references/in-reply-to are scored as much more likely being genuine than apparent replies which carry unknown Message-IDs.

any hints? All I think would be required is

a) a hook into MailScanner recording the Message-ID of outgoing messages (just before handing them back to sendmail)
b) a hook somewhere in the checking routine to check incoming messages against known Ids (and a way to specify rules how to handle matches/non-matches)
c) some form of maintenance tool to purge the DB every now and then (unless it can be a circular buffer overwriting the oldest entry when full by itself).

Secondly, many of the bounces we get are not virus warnings, but bounces because some virus somewhere sent email to nonexistent users/domains using a forged from: in our domain. From my cursory inspection the bogus virus warnings rules do not cover that..

Mathias Koerber wrote:
> Hi MailScanner gurus,
>
> I am getting very frustrated by the many bounce-messages we receive
> which are in response to some virus elsewhere using our email addresses
> in the From: headers.
>
> Is there a way (in MailScanner) to
> a) have MailScanner record the message-id of all outgoing emails
> passing though it
> b) matching certain incoming emails, such as bounces against
> that list and acting differently according to whether the
> original mail was known or not
>
> formail -D does have a facility to record message-IDs, but I believe
> calling formail on every outgoing email may be quite heavy, and we are
> still lacking a facility to check the database on incoming emails.
>
> Also, some tool will be required to clean out the database regularly,
> unless like in formail the database can be of limited size and
> old records get lost when the database fills up.
>
> Has anyone implemented such a facility in Mailscanner yet?
>
> Any hints where I should start looking if I wanted to try this
> myself (ie, where are the hooks etc)

--
Mathias Körber
mathias@lightspeed.com.sg

From jrudd at UCSC.EDU Fri Sep 10 07:05:59 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:51 2006
Subject: MajorSophos
Message-ID:

On Sep 9, 2004, at 9:42 PM, Mark Nienberg wrote:
>
> Thanks for the suggestions.
>

No problem! Thanks for implementing them :-)

John

From Kevin.Spicer at BMRB.CO.UK Fri Sep 10 09:21:39 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:51 2006
Subject: definition: messages per month?
Message-ID:

MailScanner-MRTG counts both the number of messages and the number of recipients, however the virus ratio/spam ratios are calculated against the message numbers (unless you tell the configuration that your MTA is splitting messages into an individual message for each recipient). My logic here was that having one recipient or ten recipients doesn’t really make a difference to the amount of work MailScanner has to do, it still only unpacks one message.

From: Fractal IT Dept. [mailto:itdept@FRACTALWEB.COM]
Sent: 09 September 2004 22:29
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: definition: messages per month?

Hi everyone,

It occurred to me that we may be using different definitions of the word "messages" when referring to the number of messages our servers process per month.

I generally think of a single message as a single email, regardless of the number of "to", "cc", or "bcc" recipients. But perhaps if a message has 10 recipients, it should be classed as 10 messages? This becomes particularly significant as one compares weekly and monthly volumes.

For example, my server processed 4,980 total (in and out) "messages" (first definition), but there were really 24,266 "messages" processed, once one takes into account messages with multiple recipients.

With this taken into account, where we were once thinking that by comparison's sake, our server only processed about 115k messages per month, the real number may be more like 575k.

So, in the first case, I suppose I should be talking about "message envelopes"? Or am I off base?

What are other people's thoughts on this?

Cheers,
Chris




BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accept no liability in relation to any personal emails, or content of any email which does not directly relate to our business.
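
The two counting conventions discussed in this thread, worked through on log lines; this is an added example, not code from MailScanner-MRTG, MailWatch or Vispan. The log is constructed, the MailScanner verdict lines use a simplified assumed format, and `tally` and `Totals` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Constructed sample log, not taken from the thread. The sendmail "from="
# lines carry nrcpts= (envelope recipient count); the MailScanner verdict
# lines are a simplified, assumed format that shares the queue ID.
SAMPLE_LOG = """\
Sep  9 10:00:01 mx sendmail[2001]: i89A00a1002001: from=<a@example.net>, size=2113, class=0, nrcpts=1, msgid=<m1@example.net>, relay=[192.0.2.10]
Sep  9 10:00:02 mx sendmail[2002]: i89A00b2002002: from=<b@example.org>, size=9120, class=0, nrcpts=10, msgid=<m2@example.org>, relay=[198.51.100.7]
Sep  9 10:00:03 mx MailScanner[3001]: Message i89A00b2002002 from 198.51.100.7 (b@example.org) is spam
Sep  9 10:00:04 mx sendmail[2003]: i89A00c3002003: from=<c@example.net>, size=870, class=0, nrcpts=1, msgid=<m3@example.net>, relay=[192.0.2.11]
Sep  9 10:00:05 mx MailScanner[3001]: Message i89A00c3002003 from 192.0.2.11 (c@example.net) is not spam
Sep  9 10:00:06 mx sendmail[2004]: i89A00d4002004: from=<d@example.net>, size=4410, class=0, nrcpts=3, msgid=<m4@example.net>, relay=[192.0.2.12]
Sep  9 10:00:07 mx sendmail[2005]: i89A00e5002005: from=<e@example.org>, size=5120, class=0, nrcpts=1, msgid=<m5@example.org>, relay=[198.51.100.9]
Sep  9 10:00:08 mx MailScanner[3001]: Message i89A00e5002005 from 198.51.100.9 (e@example.org) is spam
Sep  9 10:00:09 mx MailScanner[3001]: Message i89A00zz009999 from 203.0.113.5 (z@example.org) is spam
"""

FROM_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): from=.*\bnrcpts=(?P<n>\d+)")
SPAM_RE = re.compile(r"MailScanner\[\d+\]: Message (?P<qid>\w+) .*\bis spam\b")


@dataclass
class Totals:
    envelopes: int = 0         # one per queued message, however many recipients
    recipients: int = 0        # sum of nrcpts over all envelopes
    spam_envelopes: int = 0
    spam_recipients: int = 0   # recipient copies of spam envelopes

    def spam_ratio(self, mta_splits_per_recipient=False):
        """Spam share of scanned mail. Envelopes are the denominator unless
        the MTA hands the scanner one message per recipient."""
        if mta_splits_per_recipient:
            hits, total = self.spam_recipients, self.recipients
        else:
            hits, total = self.spam_envelopes, self.envelopes
        return hits / total if total else 0.0


def tally(log_text):
    """Join sendmail envelope lines with scanner verdicts on the queue ID."""
    nrcpts, spam_ids = {}, set()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            nrcpts[m["qid"]] = int(m["n"])
            continue
        m = SPAM_RE.search(line)
        if m:
            spam_ids.add(m["qid"])
    totals = Totals()
    for qid, n in nrcpts.items():
        totals.envelopes += 1
        totals.recipients += n
        if qid in spam_ids:        # verdicts for unknown queue IDs are ignored
            totals.spam_envelopes += 1
            totals.spam_recipients += n
    return totals


if __name__ == "__main__":
    t = tally(SAMPLE_LOG)
    print(f"envelopes={t.envelopes} recipients={t.recipients}")
    print(f"spam ratio per envelope:  {t.spam_ratio():.1%}")
    print(f"spam ratio per recipient: {t.spam_ratio(True):.1%}")
```

One ten-recipient spam moves the ratio from 40% of envelopes to almost 69% of recipient copies, which is why a report needs to state which denominator it uses.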
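
Steps a), b) and c) of the scheme Mathias Koerber outlines in the "Message-ID matching" message earlier in this archive, sketched in Python as an added example; it is not MailScanner code and uses no MailScanner hook. `SentIdStore`, `referenced_ids`, `classify` and the sample messages are constructed for illustration, and reading the returned headers inside a bounce is a generalisation beyond the In-Reply-To/References check he describes.

```python
import email
import re
from collections import OrderedDict

MSGID_RE = re.compile(r"<[^<>\s]+>")


class SentIdStore:
    """Bounded record of outgoing Message-IDs (step a). When full, the
    oldest entry is dropped, like the circular buffer in step c."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._ids = OrderedDict()

    def record(self, raw_outgoing):
        msg = email.message_from_string(raw_outgoing)
        found = MSGID_RE.search(str(msg.get("Message-ID", "")))
        if not found:
            return None
        mid = found.group(0)
        self._ids.pop(mid, None)            # a re-sent ID becomes the newest
        self._ids[mid] = True
        while len(self._ids) > self.capacity:
            self._ids.popitem(last=False)   # evict the oldest
        return mid

    def __contains__(self, mid):
        return mid in self._ids


def referenced_ids(raw_incoming):
    """Message-IDs an incoming mail claims to answer: reply headers, plus the
    original Message-ID returned inside a bounce (headers-only or full copy)."""
    msg = email.message_from_string(raw_incoming)
    ids = []
    for name in ("In-Reply-To", "References"):
        for value in msg.get_all(name, []):
            ids.extend(MSGID_RE.findall(str(value)))
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            original = email.message_from_string(part.get_payload())
        elif ctype == "message/rfc822" and part.is_multipart():
            original = part.get_payload(0)
        else:
            continue
        ids.extend(MSGID_RE.findall(str(original.get("Message-ID", ""))))
    return ids


def classify(raw_incoming, store):
    """Step b: 'known', 'unknown' or 'no-reference'; scoring is left to the caller."""
    ids = referenced_ids(raw_incoming)
    if not ids:
        return "no-reference"
    return "known" if any(mid in store for mid in ids) else "unknown"


# --- constructed sample messages (not from the thread) ---
def outgoing(mid):
    return ("From: alice@example.com\nTo: bob@example.net\n"
            f"Message-ID: {mid}\nSubject: quote\n\nHello\n")


def reply_to(mid):
    return ("From: bob@example.net\nTo: alice@example.com\n"
            "Message-ID: <r1@example.net>\n"
            f"In-Reply-To: {mid}\nReferences: {mid}\n"
            "Subject: Re: quote\n\nThanks\n")


BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: alice@example.com
Subject: Returned mail: User unknown
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: alice@example.com
To: nobody@example.net
Message-ID: {mid}
Subject: hello

--b1--
"""


def bounce_for(mid):
    return BOUNCE.format(mid=mid)


if __name__ == "__main__":
    store = SentIdStore(capacity=2)
    store.record(outgoing("<out-1@mail.example.com>"))
    print(classify(bounce_for("<out-1@mail.example.com>"), store))
    print(classify(bounce_for("<x9@forged.example>"), store))
```

The store's capacity has to cover the window in which genuine replies and bounces arrive; once an ID has been overwritten, a legitimate late reply classifies as "unknown" just like a forged one.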
From martinh at SOLID-STATE-LOGIC.COM Fri Sep 10 09:24:53 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:51 2006
Subject: Forwarded mail lets spam through
Message-ID:

Matt

OK - I think I get the issue.

2 options..

Get MS to archive all email (you'll prob have to do this for the S-OX bill soon anyway!). You can then run SA on the message by hand to get info about rules hit/or not..

OR

can then get MS to make sure you include ALL scores in the mail-header info even if it's not spam, again you'll see which rules get triggered and their score. Make sure the following values are set in MailScanner.conf.

Always Include SpamAssassin Report = yes
SpamScore Number Instead Of Stars = yes
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes

Hopefully you'll be able to start narrowing down the issue by getting this instrumentation into the email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Bullock wrote:
> I don't have the raw message unfortunately, its already been mangled in
> Outlook a couple of times :) Let me try and explain the layout a bit
> better. I have 2 exchange servers serving separate domains/networks.
> The mailscanner/sendmail box is in a dmz, and forwards smtp to the
> domains on each exchange server. For one exchange server to send mail
> to the other it would be routed through the sendmail box in the dmz.
> The original messages that arent being tagged as spam are originating
> from the spammer, then are routed through an ISP of a friend that hosts
> a domain for me. That email is then forwarded to another email address
> that I host. The email passed through my friends ISP isnt being tagged,
> but if I forward that message back through the sendmail box to my other
> exchange server it gets tagged as spam.
>
> Did I just complicate things more? :)
>
> Matt
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Thursday, September 09, 2004 1:37 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Forwarded mail lets spam through
>
> Matt
>
> have you got the full raw email that you can post on a web/ftp site???
>
> We can then run it through our systems to see what rules it fires and
> give scores?
>
> It could be a specific rule is needed to catch this stuff and one of us
> may have it already installed.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Matt Bullock wrote:
>
>>The server isnt whitelisted, and the spam coming through are usually
>>tagged with a couple points, but not enough to trigger anything. I just
>>forwarded one of the emails through the server and it was marked as
>>spam.
>>
>>
>>Regards,
>>
>>Matt Bullock
>>Troika Networks, Inc.
>>Network Administrator
>>805.367.2728
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Steve Swaney
>>Sent: Wednesday, September 08, 2004 9:17 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Forwarded mail lets spam through
>>
>>
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>Behalf Of Matt Bullock
>>>Sent: Wednesday, September 08, 2004 11:59 AM
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: Forwarded mail lets spam through
>>>
>>
>>
>>Snip
>>
>>
>>>Right now SA is catching about 98% of the spam received, it just doesn't
>>>tag anything that is forwarded from one particular server.
>>>
>>
>>Snip
>>
>>Only possible explanation I can think of is that this Server is some how
>>white listed. What rule sets have you modified?
>>
>>Steve Swaney
>>President
>>Fortress Systems Ltd.
>>www.fsl.com
>>steve.swaney@fsl.com
>>
>>
>>
>>--
>>This message has been scanned for viruses and dangerous content by
>>MailScanner, and is believed to be clean.
>>
>>Fortress Systems Ltd.
>>www.fsl.com

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From mynamewasgone at gmail.com Fri Sep 10 09:25:43 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:51 2006
Subject: test virus problem
Message-ID:

On Thu, 9 Sep 2004 16:14:53 -0400, Matt Kettler wrote:
> Anyone have a link to a post which does show this is a real non-issue?

No, I take it back, test 23 walks right through MailScanner, or rather MIME::Tools, and although Evolution throws a hissy fit "Could not parse MIME message. Displaying as source" with it, Outlook is perfectly happy to parse it.

Regards,

From Kevin.Spicer at BMRB.CO.UK Fri Sep 10 09:26:12 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:51 2006
Subject: New dangerous attachment filenames
Message-ID:

> > .csh
> > > .ksh
> >
> Hm. If these two are what I think they are (c shell and k shell scripts
> under cygwin?) I wonder why they didn't include .sh and .pl

Especially as sh and perl are included in Services for UNIX (so is ksh but csh isn't)

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 10 09:31:32 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:51 2006
Subject: definition: messages per month?
Message-ID:

Eric

I always use the 'envelopes' per month version myself...ie how many actual messages (qf,df pairs - or whatever your MTA uses to store messages in the queue) are processed.

Otherwise the stats go up the wall - hey my MS processed 2 billion messages last month, when actually it only processed two MTA queue file message pairs!!!

I'm not concerned that a message had multiple recipients, I'm concerned about the actual number of messages, which has a direct correlation to the performance and size of the hardware required.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Eric Dantan Rzewnicki wrote:
> On Thu, Sep 09, 2004 at 02:49:06PM -0700, Fractal IT Dept. wrote:
>
>>Michele Neylon : Blacknight Solutions wrote:
>>
>>
>>>I'd go by whatever the SQL logging says :)
>>>
>>>
>>
>>That's what I was going by, using Mailwatch. But that doesn't seem to
>>take into account the extra recipients when there are multiples.
>
>
> I've been meaning to ask about the semantics of this myself for
> sometime. Since I'm about to run some stats for August (yes, I'm a
> little behind ... I was out sick most of last week) now's as good a
> time as any.
>
> In addition to whether to count mails received or mails delivered, I've
> wondered how others come up with percentages of viruses, spams and other
> nasties caught. Obviously, I know how many were caught. But, I have to
> rely solely on user reports of false-positives and false-negatives for
> percentages missed. I know most of our users don't give us reports, so
> how can I even estimate these percentages? How do the various stats
> scripts and packages come up with numbers like these?
>
> And then, if something gets blocked or deleted, do you count how many
> people would have gotten it? or does each blocked mail count only once
> since it wasn't split out for delivery?
>
> I get all confused trying to keep this straight for myself. It's even
> worse trying to explain it to management.
>
> -Eric Rz.

From David.While at UCE.AC.UK Fri Sep 10 09:48:34 2004
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:26:51 2006
Subject: definition: messages per month?
Message-ID:

Just to add Vispan counts envelopes processed - it doesn't care about how many recipients there were for each email. As Martin points out it is more important to know how much work MailScanner is doing for things like hardware etc. If there are 10,000 recipients in an email - MailScanner only scans it once (unless you decide to split it at the MTA level).

Similarly looking at Vispan stats it is possible for the individual virus counts to differ from the messages containing viruses since one email can contain multiple viruses.

--------------------------------------------
David While BSc CEng MBCS CITP
Technical Development Manager
School of Computing & Information
University of Central England
Tel: 0121 331 6211
--------------------------------------------

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: 10 September 2004 09:32
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: definition: messages per month?

Eric

I always use the 'envelopes' per month version myself...ie how many actual messages (qf,df pairs - or whatever your MTA uses to store messages in the queue) are processed.

Otherwise the stats go up the wall - hey my MS processed 2 billion messages last month, when actually it only processed two MTA queue file message pairs!!!

I'm not concerned that a message had multiple recipients, I'm concerned about the actual number of messages, which has a direct correlation to the performance and size of the hardware required.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Eric Dantan Rzewnicki wrote:
> On Thu, Sep 09, 2004 at 02:49:06PM -0700, Fractal IT Dept. wrote:
>
>>Michele Neylon : Blacknight Solutions wrote:
>>
>>>I'd go by whatever the SQL logging says :)
>>
>>That's what I was going by, using Mailwatch. But that doesn't seem to
>>take into account the extra recipients when there are multiples.
>
> I've been meaning to ask about the semantics of this myself for
> sometime. Since I'm about to run some stats for August (yes, I'm a
> little behind ... I was out sick most of last week) now's as good a
> time as any.
>
> In addition to whether to count mails received or mails delivered, I've
> wondered how others come up with percentages of viruses, spams and other
> nasties caught. Obviously, I know how many were caught. But, I have to
> rely solely on user reports of false-positives and false-negatives for
> percentages missed. I know most of our users don't give us reports, so
> how can I even estimate these percentages? How do the various stats
> scripts and packages come up with numbers like these?
>
> And then, if something gets blocked or deleted, do you count how many
> people would have gotten it? or does each blocked mail count only once
> since it wasn't split out for delivery?
>
> I get all confused trying to keep this straight for myself. It's even
> worse trying to explain it to management.
>
> -Eric Rz.

From viers at UNILIM.FR Fri Sep 10 10:14:11 2004
From: viers at UNILIM.FR (Nicolas Viers - SCI)
Date: Thu Jan 12 21:26:51 2006
Subject: mailscanner-mrtg explanations
Message-ID:

Hello,

how could you explain to me the difference between for example:

Current Infected Mail 1491.0
and
Current Viruses Detected 787.0

on mailscanner-mrtg graph

What is the real value of infected mails ?

Thanks a lot

____________________________________________________________
Nicolas Viers | Service Commun Informatique
Email: viers@unilim.fr | 123, avenue Albert Thomas
| 87060 Limoges cedex
Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95
http://www.unilim.fr/sci
____________________________________________________________

From mailscanner at ecs.soton.ac.uk Fri Sep 10 11:39:25 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: filename rules inside of an archive
Message-ID:

At 19:33 09/09/2004, you wrote:
>I thought that setting it to 0 would also turn off virus checking...

No, the archive will still have its content checked for viruses.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Fri Sep 10 11:40:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: test virus problem
Message-ID:

At 21:14 09/09/2004, you wrote:
>At 12:10 PM 9/9/2004, Richard Brown wrote:
>>A search would have told you that there have been plenty posts about
>>testvirus.org. Try this post, although it does appear that they've
>>changed the numbering of their tests.
>>
>>http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0403&L=mailscanner&P=R141186&I=-1
>
>That particular post isn't a particularly good refute of testvirus.org's
>claims. Julian tested it with Eudora, as did I, but testvirus.org claims
>Outlook clients can open it.
>
>Is there any evidence which specifically contradicts the claim that Outlook
>can parse these messages? Clearly testing Eudora isn't a good method of
>dismissing claims Outlook is vulnerable.
>
>I've been searching the archives extensively and have not found a post that
>addresses the issue with anything more specific than Julian's post above.
>Nearly all questions regarding this since Julian's post have been responded
>to with "It's not an issue, search the archives" replies.

There is some work going on right now to hopefully fix this. We just have to iron out all the bugs in the new MIME code.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From joakim at CEFALK.COM Fri Sep 10 12:31:58 2004
From: joakim at CEFALK.COM (Joakim Cefalk)
Date: Thu Jan 12 21:26:51 2006
Subject: test virus problem
Message-ID:

What antivirus software do you use? I use F-prot and Antivir. F-prot did not find the virus in that test but Antivir did. Try installing Antivir and test again.

Henry Burbano wrote:
>Hello,
>I tested my server with www.testvirus.org, I have problems with test#23,
>maybe I need to configure something else in my configuration files.
>
>Test#23 is:
>
>This test message contains: Test #23: Eicar virus within zip file hidden
>using the "Empty MIME Boundary Vulnerability" (attachment can be opened by
>all versions of Microsoft Outlook and Outlook Express)
>
>All advice or clues are welcome....
>
>Thanks

From E.H.Beekman at AMC.NL Fri Sep 10 13:22:10 2004
From: E.H.Beekman at AMC.NL (Ewald Beekman)
Date: Thu Jan 12 21:26:51 2006
Subject: HTML stripping through multipart/alternative ?
Message-ID:

When Outlook clients send HTML formatted e-mail they do so using MIME multipart/alternative, it contains both the plain text version (text/plain) and the HTML formatted version (text/html).

Would it be possible to have MailScanner strip the HTML part from the e-mails, so these e-mails become plain text again?

tia,
Ewald...

--
Ewald Beekman, Security Engineer, Academic Medical Center,
dept. ADB/ICT Computer & Network Services, The Netherlands
## Your mind-mint is:
All life evolves by the differential survival of replicating entities.
-- Dawkins

From mailscanner at ecs.soton.ac.uk Fri Sep 10 13:56:44 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: HTML stripping through multipart/alternative ?
Message-ID:

It's in MailScanner.conf.

# Do you want to convert all HTML messages into plain text?
# This is very useful for users who are children or are easily offended
# by nasty things like pornographic spam.
# This can also be the filename of a ruleset, so you can switch this
# feature on and off for particular users or domains.
Convert HTML To Text = no

At 13:22 10/09/2004, you wrote:
>When Outlook clients send HTML formatted e-mail they do so
>using MIME multipart/alternative, it contains both the plain
>text version (text/plain) and the HTML formatted version
>(text/html).
>Would it be possible to have MailScanner strip the HTML part
>from the e-mails, so these e-mails become plain text again?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mkettler at EVI-INC.COM Fri Sep 10 14:26:03 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:51 2006
Subject: test virus problem
Message-ID:

At 06:40 AM 9/10/2004, Julian Field wrote:
> >I've been searching the archives extensively and have not found a post that
> >addresses the issue with anything more specific than Julian's post above.
> >Nearly all questions regarding this since Julian's post have been responded
> >to with "It's not an issue, search the archives" replies.
>
>There is some work going on right now to hopefully fix this. We just have
>to iron out all the bugs in the new MIME code.
>--
>Julian Field

Thanks for the clarification Julian, at least we now all realize that it is a real issue for Outlook MUAs, albeit not one that's active in the wild.

In the interim, the SA rule I posted yesterday ran overnight on my production mailserver with a low score, it's passed 2,505 normal spam/ham messages without matching, but this morning matched testvirus.org's test #23 just fine.

I'm much more comfortable with its use as a stop-gap measure now that it's had at least a little real-world exercise. I'd still advise a little bit of testing on your own servers prior to pushing the score up high.

header MIME_EMPTY_BOUNDARY Content-Type =~ /boundary\=(?!.)/i
score MIME_EMPTY_BOUNDARY 2.0
describe MIME_EMPTY_BOUNDARY Contains a possible mime exploit for outlook

From cmaurand at XYONET.COM Fri Sep 10 14:40:35 2004
From: cmaurand at XYONET.COM (Curtis Maurand)
Date: Thu Jan 12 21:26:51 2006
Subject: powerpoint files not getting through
Message-ID:

Hi,

I'm having trouble getting powerpoint files through the mailscanner.
The filename.rules.conf file has:

allow \.ppt$ - -

I'm using MailScanner 4.30.3 with f-prot. I've found f-prot will block almost anything with a script no matter how you set it. I'm getting ready to switch to clamav on that machine.

Any help will be greatly appreciated.

Sincerely yours,
Curtis Maurand

From mkettler at EVI-INC.COM Fri Sep 10 14:48:55 2004
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:26:51 2006
Subject: powerpoint files not getting through
Message-ID:

At 09:40 AM 9/10/2004, Curtis Maurand wrote:
> I'm having trouble getting powerpoint files through the mailscanner.
>The filename.rules.conf file has:
>
>allow \.ppt$ - -
>
>I'm using MailScanner 4.30.3 with f-prot. I've found f-prot will block
>almost anything with a script no matter how you set it.

If f-prot calls it a virus, the settings in filename.rules.conf are irrelevant. In the context of filename.rules.conf "allow" means "don't block solely on the basis of name" not "bypass the virus scanner".

As for f-prot, I run Command AV (which is based on the f-prot engine) and clamav in parallel. I've not had any trouble like this with either scanner, and it seems odd to me that you're having trouble.

What reasons is MailScanner citing when it blocks them?
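
Added example (not part of any list message, and not MailScanner or SpamAssassin code): a dry run of the MIME_EMPTY_BOUNDARY pattern from the "test virus problem" thread above over a small constructed corpus, in the spirit of the advice there to test before raising the score. The Python port of the regex, the helper names unfold, rule_hits and dry_run, the sample messages, and the assumption that the scanner matches the unfolded header value are all assumptions of this example.

```python
import re
from email import message_from_string

# The pattern from the posted rule:
#   header MIME_EMPTY_BOUNDARY Content-Type =~ /boundary\=(?!.)/i
# "(?!.)" succeeds only where no character other than a newline follows,
# so the rule fires when "boundary=" is the last thing on a line.
RULE = re.compile(r"boundary\=(?!.)", re.IGNORECASE)


def unfold(value):
    """RFC 2822 unfolding: drop each line break that precedes a space or tab."""
    return re.sub(r"\r?\n(?=[ \t])", "", value)


def rule_hits(raw_message, unfolded=True):
    """True if a top-level Content-Type header of raw_message matches RULE.

    Assumption of this example: the scanner matches the unfolded value.
    Pass unfolded=False to see what matching the folded text would do.
    """
    msg = message_from_string(raw_message)
    values = msg.get_all("Content-Type", [])
    if unfolded:
        values = [unfold(v) for v in values]
    return any(RULE.search(v) for v in values)


def dry_run(corpus, unfolded=True):
    """Return the names of the corpus messages the rule would flag."""
    return [name for name, raw in corpus if rule_hits(raw, unfolded)]


# Constructed sample messages; only the Content-Type header matters here.
CORPUS = [
    ("plain",
     "Subject: a\nContent-Type: text/plain; charset=us-ascii\n\nhi\n"),
    ("multipart",
     'Subject: b\nContent-Type: multipart/mixed; boundary="=_part_1"\n\nx\n'),
    ("folded",
     'Subject: c\nContent-Type: multipart/alternative;\n\tboundary="=_part_2"\n\nx\n'),
    # Value pushed onto a continuation line: a non-empty boundary that ends
    # its line with "boundary=", so folded and unfolded matching disagree.
    ("split-after-equals",
     'Subject: d\nContent-Type: multipart/mixed; boundary=\n "=_part_3"\n\nx\n'),
    ("empty",
     "Subject: e\nContent-Type: multipart/mixed; boundary=\n\nx\n"),
    ("empty-upper",
     "Subject: f\nContent-Type: MULTIPART/MIXED; BOUNDARY=\n\nx\n"),
]

if __name__ == "__main__":
    print("flagged, unfolded value:", dry_run(CORPUS))
    print("flagged, folded text:   ", dry_run(CORPUS, unfolded=False))
```

The two runs differ only on the message whose boundary value sits on a continuation line, which is the case to look for in your own mail before pushing the score up.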

From Kevin.Spicer at BMRB.CO.UK Fri Sep 10 16:08:43 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:51 2006
Subject: mailscanner-mrtg explanations
Message-ID:

Infected mail includes all those failing MailScanner's content checks. Please note that due to the fact that MSMRTG gets its figures from the maillog and the way MailScanner logs it is likely that some mails will trigger more than one test, thus showing twice on this graph. (It's still useful for seeing relative volumes, which are probably more important anyway).

-----Original Message-----
From: Nicolas Viers - SCI [mailto:viers@UNILIM.FR]
Sent: 10 September 2004 10:14
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: mailscanner-mrtg explanations

Hello,

how could you explain to me the difference between for example:

Current Infected Mail 1491.0
and
Current Viruses Detected 787.0

on mailscanner-mrtg graph

What is the real value of infected mails ?

Thanks a lot

____________________________________________________________
Nicolas Viers | Service Commun Informatique
Email: viers@unilim.fr | 123, avenue Albert Thomas
| 87060 Limoges cedex
Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95
http://www.unilim.fr/sci
____________________________________________________________

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From JFalgout at CO.JEFFERSON.CO.US Fri Sep 10 16:55:45 2004
From: JFalgout at CO.JEFFERSON.CO.US (Jeff Falgout)
Date: Thu Jan 12 21:26:51 2006
Subject: Disable notification to recipients while sending notification to senders
Message-ID:

We're setting up an email archive system where users forward mail they need to archive to an internal mail relay. I'm trying to use MS to do the standard av scanning with clam, file size/type/extension filtering, etc that MS does so well. There is one hurdle I can't figure out: I want to notify the sender of a blocked email but not the recipient. If I turn on Silent Viruses for all, nobody gets notified. If I turn it off, both the sender (with Notify Senders on) and recipient are notified. In this case, notify recipient is a bad thing because we don't want the notification to go into the archives.

Am I missing something?

Suggestions?

Thanks
Jeff

From davidb at UNIQUEPHOTO.COM Fri Sep 10 17:06:41 2004
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:26:51 2006
Subject: correct way to add entries to spam.whitelist.rules?
Message-ID:

What is the correct way to add entries to spam.whitelist.rules?

is it?

From: *@domain.com yes

From mailscanner at ecs.soton.ac.uk Fri Sep 10 17:24:28 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: Disable notification to recipients while sending notification to senders
Message-ID:

Use
Deliver Cleaned Messages = no
to stop the recipient notifications.

At 16:55 10/09/2004, you wrote:
>We're setting up an email archive system where users
>forward mail they need to archive to an internal mail relay.
>I'm trying to use MS to do the standard av scanning with
>clam, file size/type/extension filtering, etc that MS does
>so well. There is one hurdle I can't figure out: I want to
>notify the sender of a blocked email but not the recipient.
>If I turn on Silent Viruses for all, nobody gets notified. If
>I turn it off, both the sender (with Notify Senders on) and
>recipient are notified. In this case, notify recipient is a bad
>thing because we don't want the notification to go into the
>archives.
>
>Am I missing something?
>
>Suggestions?
>
>Thanks
>Jeff

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Fri Sep 10 17:24:48 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: correct way to add entries to spam.whitelist.rules?
Message-ID:

Correct.

At 17:06 10/09/2004, you wrote:
>What is the correct way to add entries to spam.whitelist.rules?
>
>is it?
>
>From: *@domain.com yes

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From marcin.rozek at IOS.EDU.PL Fri Sep 10 21:36:33 2004
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:26:51 2006
Subject: error on Mandrake 10
Message-ID:

Hello,

i'm trying to install MS on fresh Mandrake 10, but:

Oh good, module ExtUtils::MakeMaker version 6.05 is already installed.
Oh good, module Net::CIDR version 0.09 is already installed.
Attempting to build and install perl-IO-stringy-2.108-1
Instalacja perl-IO-stringy-2.108-1.src.rpm
Wykonywanie(%prep): /bin/sh -e /var/tmp/rpm-tmp.34178
+ umask 022
+ cd /usr/src/RPM/BUILD
+ cd /usr/src/RPM/BUILD
+ rm -rf IO-stringy-2.108
+ /usr/bin/gzip -dc /usr/src/RPM/SOURCES/IO-stringy-2.108.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd IO-stringy-2.108
+ exit 0
Wykonywanie(%build): /bin/sh -e /var/tmp/rpm-tmp.34178
+ umask 022
+ cd /usr/src/RPM/BUILD
+ cd IO-stringy-2.108
+ CFLAGS=-O2 -fomit-frame-pointer -pipe -march=i586 -mcpu=pentiumpro
+ perl Makefile.PL PREFIX=/var/tmp/perl-IO-stringy-root/usr
********************************************************************************
WARNING: do not set PREFIX in "perl Makefile.PL PREFIX=...", use %makeinstall_std instead
********************************************************************************
Checking if your kit is complete...
Looks good
Writing Makefile for IO-stringy
+ make
cp lib/IO/Lines.pm blib/lib/IO/Lines.pm
cp lib/IO/ScalarArray.pm blib/lib/IO/ScalarArray.pm
cp lib/IO/Stringy.pm blib/lib/IO/Stringy.pm
cp lib/IO/Wrap.pm blib/lib/IO/Wrap.pm
cp lib/IO/Scalar.pm.html blib/lib/IO/Scalar.pm.html
cp lib/IO/AtomicFile.pm blib/lib/IO/AtomicFile.pm
cp lib/IO/InnerFile.pm blib/lib/IO/InnerFile.pm
cp lib/IO/Scalar.pm blib/lib/IO/Scalar.pm
cp lib/IO/WrapTie.pm blib/lib/IO/WrapTie.pm
Manifying blib/man3/IO::Lines.3pm
Manifying blib/man3/IO::Stringy.3pm
Manifying blib/man3/IO::ScalarArray.3pm
Manifying blib/man3/IO::Wrap.3pm
Manifying blib/man3/IO::AtomicFile.3pm
Manifying blib/man3/IO::InnerFile.3pm
Manifying blib/man3/IO::Scalar.3pm
Manifying blib/man3/IO::WrapTie.3pm
+ make test
PERL_DL_NONLAZY=1 /usr/bin/perl5.8.3 "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/IO_Lines..........ok
t/IO_Scalar.........ok
t/IO_ScalarArray....ok
t/IO_WrapTie........ok
t/simple............ok
t/two...............ok
All tests successful.
Files=6, Tests=116, 1 wallclock secs ( 0.95 cusr + 0.05 csys = 1.00 CPU)
+ exit 0
Wykonywanie(%install): /bin/sh -e /var/tmp/rpm-tmp.60680
+ umask 022
+ cd /usr/src/RPM/BUILD
+ cd IO-stringy-2.108
+ rm -rf /var/tmp/perl-IO-stringy-root
++ perl -V:installarchlib
+ eval 'installarchlib='\''/usr/lib/perl5/5.8.3/i386-linux-thread-multi'\'';'
++ installarchlib=/usr/lib/perl5/5.8.3/i386-linux-thread-multi
+ mkdir -p /var/tmp/perl-IO-stringy-root//usr/lib/perl5/5.8.3/i386-linux-thread-multi
+ make install
********************************************************************************
WARNING: you should use DESTDIR (in "make install") (neither PREFIX nor DESTDIR is set, this is weird)
********************************************************************************
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/Lines.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/ScalarArray.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/Stringy.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/Wrap.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/Scalar.pm.html
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/AtomicFile.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/InnerFile.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/Scalar.pm
Installing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/IO/WrapTie.pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Lines.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Stringy.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::ScalarArray.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Wrap.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::AtomicFile.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::InnerFile.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Scalar.3pm
Installing /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::WrapTie.3pm
Writing /var/tmp/perl-IO-stringy-root/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/auto/IO-stringy/.packlist
Appending installation info to /var/tmp/perl-IO-stringy-root/usr/lib/perl5/5.8.3/i386-linux-thread-multi/perllocal.pod
+ '[' -x /usr/lib/rpm/brp-compress ']'
+ /usr/lib/rpm/brp-compress
bzip2: Bad flag `-n'
bzip2, a block-sorting file compressor. Version 1.0.2, 30-Dec-2001.

usage: bzip2 [flags and input files in any order]

-h --help print this message
-d --decompress force decompression
-z --compress force compression
-k --keep keep (don't delete) input files
-f --force overwrite existing output files
-t --test test compressed file integrity
-c --stdout output to standard out
-q --quiet suppress noncritical error messages
-v --verbose be verbose (a 2nd -v gives more)
-L --license display software version & license
-V --version display software version & license
-s --small use less memory (at most 2500k)
-1 .. -9 set block size to 100k .. 900k
--fast alias for -1
--best alias for -9

If invoked as `bzip2', default action is to compress.
as `bunzip2', default action is to decompress.
as `bzcat', default action is to decompress to stdout.

If no file names are given, bzip2 compresses or decompresses
from standard input to standard output. You can combine
short flags, so `-v -4' means the same as -v4 or -4v, &c.

(about 5 times the same info as above)

+ find /var/tmp/perl-IO-stringy-root/usr -type f -print
+ sed 's@^/var/tmp/perl-IO-stringy-root@@g'
+ grep -v perllocal.pod
+ grep -v '\.packlist'
++ cat IO-stringy-2.108-filelist
+ '[' '/usr/lib/perl5/site_perl/5.8.3/IO/Lines.pm
/usr/lib/perl5/site_perl/5.8.3/IO/ScalarArray.pm
/usr/lib/perl5/site_perl/5.8.3/IO/Stringy.pm
/usr/lib/perl5/site_perl/5.8.3/IO/Wrap.pm
/usr/lib/perl5/site_perl/5.8.3/IO/Scalar.pm.html
/usr/lib/perl5/site_perl/5.8.3/IO/AtomicFile.pm
/usr/lib/perl5/site_perl/5.8.3/IO/InnerFile.pm
/usr/lib/perl5/site_perl/5.8.3/IO/Scalar.pm
/usr/lib/perl5/site_perl/5.8.3/IO/WrapTie.pm
/usr/share/man/man3/IO::Lines.3pm
/usr/share/man/man3/IO::Stringy.3pm
/usr/share/man/man3/IO::ScalarArray.3pm
/usr/share/man/man3/IO::Wrap.3pm
/usr/share/man/man3/IO::AtomicFile.3pm
/usr/share/man/man3/IO::InnerFile.3pm
/usr/share/man/man3/IO::Scalar.3pm
/usr/share/man/man3/IO::WrapTie.3pmX' = X ']'
+ /usr/lib/rpm/brp-mandrake
Cleaning files...done
Compressing files...done
Stripping files...done
Relativisation of symlinks...done
Clean perl...done
Building libraries symlinks...done
Przetwarzanie plików: perl-IO-stringy-2.108-1
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Lines.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Stringy.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::ScalarArray.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Wrap.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::AtomicFile.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::InnerFile.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Scalar.3pm
błąd: Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::WrapTie.3pm

Błędy budowania RPM-a:
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Lines.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Stringy.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::ScalarArray.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Wrap.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::AtomicFile.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::InnerFile.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::Scalar.3pm
Nie znaleziono pliku: /var/tmp/perl-IO-stringy-root/usr/share/man/man3/IO::WrapTie.3pm

The same error happened when MS tried to install Net::CIDR - when I downloaded Net:CIDR it installed smoothly. I guess when I download perl-IO-stringy it will install without problems too. I also suspect that "bzip2: Bad flag `-n'"-error will occur with all modules installed by MS.

The question is what should I do to fix? My system is Mandrake 10.0 Official. On 9.1 and 9.2 everything worked perfect. I've searched the archives and I've found similar problem but without a solution...

From rzewnickie at RFA.ORG Fri Sep 10 22:31:46 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:51 2006
Subject: definition: messages per month?
Message-ID:

On Fri, Sep 10, 2004 at 09:31:32AM +0100, Martin Hepworth wrote:
> Eric
> I always use the 'envelopes' per month version myself...ie how many
> actual messages (qf,df pairs - or whatever your MTA uses to store
> messages in the queue) are processed.
> Otherwise the stats go up the wall - hey my MS processed 2 billion > messages last month, when actually it only processed two MTA queue file > message pairs!!! > I'm not concerned that a message had multiple recipients, I'm concerned > about the actual number of messages, which has a direct correlation to > the performance and size of the hardware required. Ok. this helps. One other concern with regard to hardware and performance ... imapd/pop access is on the same server here as smtp/mailscanner. In other's experience is user access to mail spools a performance concern? If so, then it might be interesting to keep counts for messages spooled to users' mailboxes and actually accessed or downloaded by MUAs as well as counts of messages scanned. I haven't seen anyone address the question of false positive/negative stats, yet. If someone claims "our mailscanner install blocks 98.6% of spam", how can they actually know that? Can you verify that every user has reported every miss in either direction? Or, are people quoting percentages like that based on sending a corpus of known ham/spam through the system? -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From kevinold at gmail.com Fri Sep 10 23:13:12 2004 From: kevinold at gmail.com (Kevin Old) Date: Thu Jan 12 21:26:51 2006 Subject: SpamAssassin timed out errors Message-ID: I'm running MailScanner version: $Id: mailscanner,v 1.142.2.145 2004/08/01 16:34:47 jkf Exp $ I've been getting a lot of these: Sep 9 23:20:56 s15111287 MailScanner[13385]: SpamAssassin timed out and was killed, failure 2 of 20 I'm not sure what's killing it. I've added the "score DNS_FROM_RFCI_DSN 0.0" like you did above and that seemed to shorten the response time. 
I also noticed my bayes database was around 8MB so I did a --force-expire and it brought it down to about 5MB. On another note, I've been seeing a ton of these "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" messages in my maillog. Sep 9 23:20:06 s15111287 sendmail[13734]: i8A3JunX013734: [220.186.192.185] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 9 23:20:13 s15111287 sendmail[13732]: i8A3JtnX013732: [220.174.221.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 9 23:20:13 s15111287 sendmail[13775]: i8A3KDnX013775: [64.80.63.187] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Any ideas? -- Kevin Old kevinold@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From itdept at FRACTALWEB.COM Sat Sep 11 02:20:21 2004 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:26:51 2006 Subject: definition: messages per month? Message-ID: Eric Dantan Rzewnicki wrote: >I haven't seen anyone address the question of false positive/negative >stats, yet. If someone claims "our mailscanner install blocks 98.6% of >spam", how can they actually know that? Can you verify that every user >has reported every miss in either direction? > >Or, are people quoting percentages like that based on sending a corpus >of known ham/spam through the system? > > We have some "fake" accounts that have been seeded on newsgroups and such that receive a lot of spam. Of course, the accounts never receive actual email. Using a program like MailWatch, it's very easy to run a report on such an account and see that the account received 1938 messages, of which 3 messages were not tagged as spam. 
Therefore, doing the math, MailScanner on my server is about 99.85% efficient at blocking spam...at least on that account. Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From garry at GLENDOWN.DE Sat Sep 11 06:06:20 2004 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:26:51 2006 Subject: MS bogging under load ... Message-ID: Hi, I've lately run into some load issues with MS ... I'm running the current version, though looking at the mrtg stats, it seems the problem may have been around ever since I upgraded to 4.31.6 and later ... I'm running on a Celeron 2.2 w/512M of RAM ... Anyway, usually, MS is handling the incoming mail load pretty decently ... the box has a daily load of around 20-25k mails or 500-800megs ... spam ratio of anywhere between 50-75%, viruses/unwanted file types around 10-20% (d@mn Windoze). I'm running ClamAV and F-Prot. Most of the time, mail comes in and MS has to handle something like 2-5 mails per batch, sometimes more. No sweat. At some point though, mails just start backing up in the mqueue.in ... MS just goes to the configured maximum of 30 mails per batch, and all 4 threads I've configured can't seem to cope with the flow anymore (though checking the incoming mails in the log/mail file doesn't appear any worse than from the regular flow). I've read through the FAQ/MAQ and already moved the MS working directory to the ram disk, which seemed to have helped at first, but I'm more or less back to the beginning, with queues of up to 1000 and more mails building up ... At the times of the backlog, memory is pretty tight (which is why I already limited MS to 4 threads, I think the default is 5 IIRC), but no much swap used ... 
load avg runs around 4-5, with the CPU having some idle time left ... (making me believe it might be something with the I/O system - running on RAID1 ATA drives) Question: where could I check into what might be causing this? I don't think the above config should not be able to handle that kind of load ... !? Tnx, -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mike at CAMAROSS.NET Sat Sep 11 06:17:55 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:26:51 2006 Subject: MS bogging under load ... Message-ID: Garry Glendown wrote: > Hi, > > I've lately run into some load issues with MS ... I'm running the > current version, though looking at the mrtg stats, it seems the > problem may have been around ever since I upgraded to 4.31.6 and > later ... I'm running on a Celeron 2.2 w/512M of RAM ... > > Anyway, usually, MS is handling the incoming mail load pretty > decently ... the box has a daily load of around 20-25k mails or > 500-800megs ... > spam ratio of anywhere between 50-75%, viruses/unwanted file types > around 10-20% (d@mn Windoze). I'm running ClamAV and F-Prot. Most of > the time, mail comes in and MS has to handle something like 2-5 mails > per batch, sometimes more. No sweat. At some point though, mails just > start backing up in the mqueue.in ... MS just goes to the configured > maximum of 30 mails per batch, and all 4 threads I've configured > can't seem to cope with the flow anymore (though checking the > incoming mails in the log/mail file doesn't appear any worse than > from the regular flow). 
I've read through the FAQ/MAQ and already > moved the MS working directory to the ram disk, which seemed to have > helped at first, but I'm more or less back to the beginning, with > queues of up to 1000 and more mails building up ... At the times of > the backlog, memory is pretty tight (which is why I already limited > MS to 4 threads, I think the default is 5 IIRC), but no much swap > used ... load avg runs around 4-5, with the CPU having some idle time > left ... (making me believe it might be something with the I/O system > - running on RAID1 ATA drives) > > Question: where could I check into what might be causing this? I > don't think the above config should not be able to handle that kind > of load ... !? > > Tnx, -gg > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Are you running any non-default SA rules? Bigevil turned out to be my demon. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From garry at GLENDOWN.DE Sat Sep 11 07:05:03 2004 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:26:51 2006 Subject: MS bogging under load ... Message-ID: Mike Kercher wrote: > Are you running any non-default SA rules? Bigevil turned out to be my > demon. Yup ... running that and others ... I'll move that out and see how performance changes ... -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From marcin.rozek at IOS.EDU.PL Sat Sep 11 14:17:54 2004 From: marcin.rozek at IOS.EDU.PL (Marcin Rożek) Date: Thu Jan 12 21:26:51 2006 Subject: error on Mandrake 10 Message-ID:
ok, i've got it... edit /usr/lib/rpm/brp-compress and remove -n from line 11: COMPRESS="bzip2 -9 -n" becomes COMPRESS="bzip2 -9" and everything installs just fine. Why the hell Mandrake's developers put that -n there??

> Appending installation info to
> /var/tmp/perl-IO-stringy-root/usr/lib/perl5/5.8.3/i386-linux-thread-multi/perllocal.pod
>
> + '[' -x /usr/lib/rpm/brp-compress ']'
> + /usr/lib/rpm/brp-compress
> bzip2: Bad flag `-n'
> bzip2, a block-sorting file compressor. Version 1.0.2, 30-Dec-2001.
>
> usage: bzip2 [flags and input files in any order]
>

From maillists at CONACTIVE.COM Sat Sep 11 14:33:05 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:51 2006 Subject: New dangerous attachment filenames Message-ID:
might be better to publish a "safe list" instead of an "unsafe list" ;-)

Kai
--
Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email.
From maillists at CONACTIVE.COM Sat Sep 11 14:33:08 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:51 2006 Subject: Mailscanner allocating swap memory space and not freeing it? Message-ID: During the last few days I have seen several occasions where SA timed out (and I'm sure it is RBLs), so that MS couldn't add a score and delivered the messages as clean. It's always accompanied by those "attempt 1 of 20" messages (never higher than that). After investigating I found that if that occurs our swap space is heavily in use although there's still plenty of RAM available. "heavily in use" means that top and free show 200 or more MB of swap space in use while that usually is near nothing. As an example: total used free shared buffers cached Mem: 514948 364916 150032 0 13400 51128 -/+ buffers/cache: 300388 214560 Swap: 514040 261756 252284 Also, an "sa-learn -D --sync" takes a long time, around two minutes (which explains the time-out). I didn't check the size of the journal file the first time I forced the sync, but this time I did and it was at 170 MB (!) (almost ten times higher than the bayes db itself). I'd think that's impossible on a machine with only a few thousand mails arriving per day. Looks like a problem with the journal in SA 3.0. That also explains why it cuts into the swap space. What it doesn't explain is why that space isn't freed up after the time-out. It gets only freed when I restart MailScanner. Before I post this to sa-talk I wanted to check here what MailScanner actually does when SA notices a --sync is needed (I assume it does one each day?) and why the swap space isn't redeemed after that. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From marcin.rozek at IOS.EDU.PL Sat Sep 11 14:48:04 2004 From: marcin.rozek at IOS.EDU.PL (Marcin Rożek) Date: Thu Jan 12 21:26:51 2006 Subject: mail-tools compilation error Message-ID:
I can't compile Mail-Tools on Mandrake 10 (not from MS package or from CPAN). During 'make test' i've got:

(snip)
t/Misc...... FAILED tests 4-6 Failed 3/7 tests , 57,14% okay
(snip)
make: *** [test_dynamic] Error 255

When i build from CPAN i can 'make install' it anyway - but mailscanner-4.33.3-1.noarch.rpm requires perl-Mime-Tools-5.411-pl4.3.src.rpm, which can't be built because 3 tests fail. I tried rpm -ivh --force mailscanner-4.33.3-1.noarch.rpm but it still complains about perl-Mime-Tools ... Any advice?

Regards, Marcin

From maillists at CONACTIVE.COM Sat Sep 11 14:48:19 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:51 2006 Subject: Mailscanner allocating swap memory space and not freeing it? Message-ID:
Kai Schaetzl wrote on Sat, 11 Sep 2004 15:33:08 +0200:
> (and I'm sure it is RBLs)
>
Grrrr. *NOT* RBLs, of course.

Kai
--
Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email.
From dfilchak at sympatico.ca Sat Sep 11 17:58:31 2004 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Jan 12 21:26:51 2006 Subject: Blocking content with pornography Message-ID:
Hello all,
 
I have a client that is quite happy with their spam control since we installed MailScanner. However, they are getting what they described as "disturbing messages" that have sexual content in them and they would like us to filter them out. So I want to use the mcp feature in MailScanner. The client has deleted all of the offensive emails so I do not have examples of the emails they are getting in order to formulate some rules for the mcp directory. Does anyone have some mcp rules specific to filtering out pornographic content or can someone point me to a good resource for this? I need to start with something generic because I do not have examples and then hopefully get more specific later if I can get them to forward examples to me.
 
Oh, can MCP rules be domain specific?
 
Thanks.
 
Dave
 

David Filchak
President - Zuka Inc.
Toronto, On Canada M5V2J1
www.zuka.net | www.screamingmedia.ca

 
From michele at BLACKNIGHTSOLUTIONS.COM Sat Sep 11 18:21:13 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:51 2006 Subject: Blocking content with pornography Message-ID: > Hello all, > > I have a client that is quite happy with their spam control since we > installed MailScanner. However, they are getting what they described as > "disturbing messages" that have sexual content in them and they would like > us to filter them out. So I want to use the mcp feature in MailScanner. > The > client has deleted all of the offensive emails so I do not have examples > of > the emails they are getting in order to formulate some rules for the mcp > directory. Does anyone have some mcp rules specific to filtering out > pornographic content or can someone point me to a good resource for this? > I > need to start with something generic because I do not have examples and > them > hopefully get more specific later if I can get them to forward examples to > me. > > Oh, can MCP rules be domain specific? You might want to look at rules_du_jour and the SA rules emporium, as a lot of those can help against p0rn email. Without examples from your client it would be extremely difficult to formulate your own rulesets. HTH M ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From maillists at CONACTIVE.COM Sat Sep 11 18:49:17 2004 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:26:51 2006 Subject: Blocking content with pornography Message-ID: Dave Filchak wrote on Sat, 11 Sep 2004 12:58:31 -0400: > I have a client that is quite happy with their spam control since we > installed MailScanner. 
However, they are getting what they described as > "disturbing messages" that have sexual content in them and they would like > us to filter them out. So I want to use the mcp feature in MailScanner. > Why MCP? First, you don't need an extra SA pass for this, second, as Michele suggests, use additional SA rules. We use the SA rulesets and only several handful of old rules and almost nothing gets thru. You may want to dig a bit into SA, this is not really MS specific. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michael at dilworth.net Sat Sep 11 22:24:14 2004 From: michael at dilworth.net (Michael R. Dilworth (E-mail)) Date: Thu Jan 12 21:26:51 2006 Subject: Spam Quarantine report by user? (close but no cigar) Message-ID: OK, I'm close I have a perl script which does most of what I want. BUT, the files in the quarantine do not contain MailScanner Headers I would like to sort the lists by the spam score... That way the user (my self included) really would only need to look at the top few entries... SO, how do I get MailScanner to add the headers when it "stores" high scoring spam messages? I does include the headers when it forwards the message, just not when it stores. I've looked through the code, but my perl skills are still limited to hacking... Maybe I should do this in C++ or asm? (just kidding, I would like it to stay perl to match logwatch etc...) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Michael R. 
Dilworth (E-mail) Sent: Friday, September 03, 2004 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Spam Quarantine report by user? I've googled around (maybe I just can't come up with the right query!) Has any one written (and would like to share) a script to scan the "qf" files in the spam quarantine, emailing the user with the qid, sender and subject? I would like to run this daily (cron) to allow my users to look for false positives, I've been doing it, and would like to stop! (5000 a week). Any thing close would be a help and I will share the result. Hoping to avoid re-inventing the wheel... Thanks Michael. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Sun Sep 12 00:12:18 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:51 2006 Subject: Spam Quarantine report by user? (close but no cigar) Message-ID: Michael R. Dilworth (E-mail) wrote: > OK, I'm close I have a perl script which does most of what I want. > > BUT, the files in the quarantine do not contain MailScanner Headers > I would like to sort the lists by the spam score... That way > the user (my self included) really would only need to look at the > top few entries... > > SO, how do I get MailScanner to add the headers when it "stores" > high scoring spam messages? I does include the headers when it > forwards the message, just not when it stores. > > I've looked through the code, but my perl skills are still > limited to hacking... Maybe I should do this in C++ or asm? > (just kidding, I would like it to stay perl to match logwatch > etc...) It's been mentioned numerous times on the list that stored messages are left the way they were received. 
You have to match them against the mail log instead, not too hard. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michael at dilworth.net Sun Sep 12 02:01:09 2004 From: michael at dilworth.net (Michael R. Dilworth (E-mail)) Date: Thu Jan 12 21:26:51 2006 Subject: Spam Quarantine report by user? (close but no cigar) Message-ID: Cool, sorry I missed it. (I'm pretty google eyed) I've already have a roughed out a script to match against the logs, as I kind of figured that would be the answer I would get. Thanks for confirming though! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Bonivart Sent: Saturday, September 11, 2004 4:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam Quarantine report by user? (close but no cigar) Michael R. Dilworth (E-mail) wrote: > OK, I'm close I have a perl script which does most of what I want. > > BUT, the files in the quarantine do not contain MailScanner Headers > I would like to sort the lists by the spam score... That way > the user (my self included) really would only need to look at the > top few entries... > > SO, how do I get MailScanner to add the headers when it "stores" > high scoring spam messages? I does include the headers when it > forwards the message, just not when it stores. > > I've looked through the code, but my perl skills are still > limited to hacking... Maybe I should do this in C++ or asm? > (just kidding, I would like it to stay perl to match logwatch > etc...) It's been mentioned numerous times on the list that stored messages are left the way they were received. You have to match them against the mail log instead, not too hard. 
-- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dfilchak at sympatico.ca Sun Sep 12 07:25:11 2004 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Jan 12 21:26:51 2006 Subject: ClamAV update error?? Message-ID:
Got the following in my logs this AM. Is this an error or does this mean that no new definitions or program were available?
 
update.virus.scanners: Found clamav installed
Sep 12 02:10:47 rosewood update.virus.scanners: Running autoupdate for clamav
Sep 12 02:10:48 rosewood ClamAV-autoupdate[19710]: ClamAV updater failed
 
In fact, the update for ClamAV has failed since August 15. Might have been around the time we updated sendmail. Any help as to how to correct this?
 
I have just joined the clamav users list so if this is not an appropriate group to ask a clamav question to, just let me know. However, I really would like to get the update stuff working again for obvious reasons ASAP.
 
TIA
 
Dave
 
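The updater in the message above had been failing since August 15 before anyone looked at the log. As an added example (not part of the original post and not MailScanner's own code), the following scans syslog for the `ClamAV-autoupdate` lines quoted there and reports how long the scanner has gone without a successful signature update. The success message texts, the sample log lines other than the quoted September 12 ones, and the two-day threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Shape of the updater line quoted in the message:
# "Sep 12 02:10:48 rosewood ClamAV-autoupdate[19710]: ClamAV updater failed"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"ClamAV-autoupdate\[\d+\]:\s+(?P<msg>.+)$"
)
FAILURE_MSG = "ClamAV updater failed"  # text as it appears in the quoted log
# Assumption: what the updater wrapper logs on a good run; adjust to your logs.
SUCCESS_MSGS = {"ClamAV updated", "ClamAV did not need updating"}

# Constructed sample; only the two Sep 12 lines are taken from the message.
SAMPLE_LOG = """
Aug 14 02:10:51 rosewood ClamAV-autoupdate[4111]: ClamAV updated
Aug 15 02:10:47 rosewood update.virus.scanners: Running autoupdate for clamav
Aug 15 02:10:48 rosewood ClamAV-autoupdate[4502]: ClamAV updater failed
Aug 16 02:10:48 rosewood ClamAV-autoupdate[4977]: ClamAV updater failed
Sep 11 02:10:49 rosewood ClamAV-autoupdate[19102]: ClamAV updater failed
Sep 12 02:10:47 rosewood update.virus.scanners: Running autoupdate for clamav
Sep 12 02:10:48 rosewood ClamAV-autoupdate[19710]: ClamAV updater failed
"""


def parse_events(lines, start_year):
    """Return [(timestamp, host, succeeded)] for updater lines, oldest first.

    Syslog timestamps carry no year, so the caller supplies the year of the
    first line; a timestamp that jumps backwards is read as a new year.
    """
    events, year, prev = [], start_year, None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other daemons, update.virus.scanners chatter, blanks
        msg = m.group("msg")
        if msg != FAILURE_MSG and msg not in SUCCESS_MSGS:
            continue  # unknown updater message: neither success nor failure
        stamp = " ".join(m.group("ts").split())  # "Jan  1" -> "Jan 1"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if prev is not None and ts < prev:
            year += 1
            ts = ts.replace(year=year)
        prev = ts
        events.append((ts, m.group("host"), msg in SUCCESS_MSGS))
    return events


def signature_status(lines, start_year, now, max_age=timedelta(days=2)):
    """Summarise updater health; 'stale' is True when no success is recent.

    A log with no successful run at all is also reported as stale, because
    nothing in it shows that the signatures are current.
    """
    last_ok, first_failure, failures = None, None, 0
    for ts, _host, ok in parse_events(lines, start_year):
        if ok:
            last_ok, first_failure, failures = ts, None, 0
        else:
            failures += 1
            first_failure = first_failure or ts
    age = None if last_ok is None else now - last_ok
    return {
        "last_success": last_ok,
        "failing_since": first_failure,
        "consecutive_failures": failures,
        "age_days": None if age is None else age.days,
        "stale": age is None or age > max_age,
    }


if __name__ == "__main__":
    status = signature_status(SAMPLE_LOG.splitlines(), 2004,
                              now=datetime(2004, 9, 12, 8, 0, 0))
    if status["stale"]:
        print("ClamAV signatures stale: last success %s, failing since %s "
              "(%d consecutive failures)" % (status["last_success"],
                                             status["failing_since"],
                                             status["consecutive_failures"]))
```

Run from cron against the mail log, a check like this turns a month of silent update failures into an alert on the second day.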
From dfilchak at sympatico.ca Sun Sep 12 07:38:24 2004 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Jan 12 21:26:51 2006 Subject: My last email Message-ID:
Sorry, it's late. Just read my last email and it sounds like I don't know which list I am on. What I mean to say is that if this is not the appropriate list for this question, I will ask it on the ClamAV list. In fact, I will anyway.
 
Blah ......
 
I am going to bed.
 
Dave
 
 
From mbullock at TROIKANETWORKS.COM Sun Sep 12 08:38:52 2004 From: mbullock at TROIKANETWORKS.COM (Matt Bullock) Date: Thu Jan 12 21:26:51 2006 Subject: Forwarded mail lets spam through Message-ID: Martin Hepworth wrote: >Always Include SpamAssasin Report = yes >SpamScore Number Instead Of Stars = yes >Detailed Spam Report = yes >Include Scores In SpamAssassin Report =yes I checked my settings and they all correspond to what you suggested. Below are headers from 1 email, received from the forwarding server ns1701.softcom.net, then I simply forwarded that message back through my mailscanner server to another account. When it was received it scored a 2.1, but when I forwarded it through again it scored 5.1. Microsoft Mail Internet Headers Version 2.0 Received: from slammer.troikanetworks.com ([12.31.173.45]) by xchange.venturanetworks.com with Microsoft SMTPSVC(6.0.3790.0); Sat, 11 Sep 2004 15:15:17 -0700 Received: from ns1701.softcom.net (ns1701.softcom.net [209.142.8.13]) by slammer.troikanetworks.com (8.12.11/8.12.11) with ESMTP id i8BMF5s5002082 for ; Sat, 11 Sep 2004 15:15:06 -0700 Received: from 209.142.8.13 (eZvalaria@[218.18.195.73]) by ns1701.softcom.net (8.12.11/8.12.11) with SMTP id i8BMF0HL021989 for ; Sat, 11 Sep 2004 15:15:03 -0700 X-Message-Info: NWfnfMMM833dWXGvyCBIo605ZNHnn941+ELElfr4htA Received: from gxnmqdcgndg5.sc83.ko.snet.kharkov.ua ([217.44.253.176]) by px496-mc05.sc83.ko.snet.kharkov.ua with Microsoft SMTPSVC (5.0.0204.6219); Sat, 11 Sep 2004 18:14:56 -0500 PST Received: from Roslynxhj77f1udh008rhw ([100.240.86.176]) by ofykpazcmuxhsly571.sc83.ko.snet.kharkov.ua (InterMail vM.5.01.06.05 188-929-364-072-251-07411509) with SMTP id <909655133.BC428.hfkhw642.sc83.ko.snet.kharkov.ua@figurater0p4f40ou> for ; Sat, 11 Sep 2004 18:14:56 -0500 
From: "Mcmahon-Lamont" To: roto@clanmcp.com Subject: Clark Simone Date: Sat, 11 Sep 2004 18:14:56 -0500 Message-ID: <309313yi658y38887$952526$hzr209ia83@Roslyne727gsl394rjh71nc> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--jkso798660083rvbMNT" X-TroikaNetworks-MailScanner-OpenProtect-Information: Please contact the Troika Networks, Inc. IT Department X-TroikaNetworks-MailScanner-OpenProtect: Found to be clean X-MailScanner-OpenProtect-MCPCheck: X-TroikaNetworks-MailScanner-OpenProtect-SpamCheck: not spam, SpamAssassin (score=2.1, required 5, OB_URI_RBL 2.10) X-TroikaNetworks-MailScanner-OpenProtect-SpamScore: 2 X-MailScanner-OpenProtect-From: tzroto@clanmcp.com Return-Path: tzroto@clanmcp.com X-OriginalArrivalTime: 11 Sep 2004 22:15:17.0510 (UTC) FILETIME=[D1A05A60:01C4984C] ----jkso798660083rvbMNT Content-Type: text/html; Charset=windows-1252 Content-Transfer-Encoding: 7Bit ----jkso798660083rvbMNT-- Microsoft Mail Internet Headers Version 2.0 Received: from communicator.troikanetworks.com ([12.31.172.15]) by loadstar.troikanetworks.com with Microsoft SMTPSVC(6.0.3790.0); Sat, 11 Sep 2004 20:49:43 -0700 Received: from slammer.troikanetworks.com ([12.31.173.45]) by communicator.troikanetworks.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 11 Sep 2004 20:49:43 -0700 Received: from xchange.venturanetworks.com (xchange.venturanetworks.com [12.42.120.163]) by slammer.troikanetworks.com (8.12.11/8.12.11) with ESMTP id i8C3nXvn016878 for ; Sat, 11 Sep 2004 20:49:33 -0700 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: *Spam* FW: Clark Simone X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Sat, 11 Sep 2004 20:49:40 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Clark Simone Thread-Index: AcSYTNGxrxpfPjEgTDiCccGxZXzjmgALrIEg 
From: "Matt Bullock" To: X-TroikaNetworks-MailScanner-OpenProtect-Information: Please contact the Troika Networks, Inc. IT Department X-TroikaNetworks-MailScanner-OpenProtect: Found to be clean X-MailScanner-OpenProtect-MCPCheck: X-TroikaNetworks-MailScanner-OpenProtect-SpamCheck: spam, SpamAssassin (score=5.1, required 5, OB_URI_RBL 2.10, SPAMCOP_URI_RBL 3.00) X-TroikaNetworks-MailScanner-OpenProtect-SpamScore: 5 X-MailScanner-OpenProtect-From: mbullock@venturanetworks.com Return-Path: mbullock@venturanetworks.com X-OriginalArrivalTime: 12 Sep 2004 03:49:43.0220 (UTC) FILETIME=[89B8B740:01C4987B] Matt Bullock -----Original Message----- 
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Friday, September 10, 2004 1:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarded mail lets spam through Matt OK - I think I get the issue. 2 options.. Get MS to archive all email (you'll prob have to do this for the S-OX bill soon anyway!). You can then run SA on the message by hand to get info about rules hit/or not.. OR can then get MS to make sure you include ALL scores in the mail-header info even if it's not spam, again you'll see which rules get triggered and their score. Make sure the followinng values are set in MailScanner.conf. Always Include SpamAssasin Report = yes SpamScore Number Instead Of Stars = yes Detailed Spam Report = yes Include Scores In SpamAssassin Report =yes Hopefully you'll be able to start norrowing down the issue by getting this instrumentation into the email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Sun Sep 12 09:12:09 2004 
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:51 2006
Subject: ClamAV update error??
Message-ID:

Dave Filchak wrote:
> Got the following in my logs this AM. Is this an error or does this mean
> that no new definitions or program were available?
>
> update.virus.scanners: Found clamav installed
> Sep 12 02:10:47 rosewood update.virus.scanners: Running autoupdate for
> clamav
> Sep 12 02:10:48 rosewood ClamAV-autoupdate[19710]: ClamAV updater failed
>
> In fact, the update for ClamAV has failed since August 15. Might have been
> around the time we updated sendmail. Any help as to how to correct this?

Sendmail shouldn't have anything to do with this. What happens if you run
freshclam manually?

--
/Peter Bonivart

--Unix lovers do it in the Sun

From raymond at PROLOCATION.NET Sun Sep 12 09:20:10 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:51 2006
Subject: ClamAV update error??
Message-ID:

Hi!

> update.virus.scanners: Found clamav installed
> Sep 12 02:10:47 rosewood update.virus.scanners: Running autoupdate for
> clamav
> Sep 12 02:10:48 rosewood ClamAV-autoupdate[19710]: ClamAV updater failed
>
> In fact, the update for ClamAV has failed since August 15. Might have been
> around the time we updated sendmail. Any help as to how to correct this?
>
> I have just joined the clamav users list so if this is not an appropriate
> group to ask a clamav question to, just let me know. However, I really would
> like to get the update stuff working again for obvious reasons ASAP.

What version Clam are you running? I hope not the outdated .60? Support for
that one is dropped some time ago, could be your problem.

You should have seen log lines telling you this for months, but obviously
you don't look a lot if that's the case ;)

Bye,
Raymond.

From sastian at OP.PL Sun Sep 12 09:32:06 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Hello all,

Recently we were forced to limit the size of messages sent by our network's
users due to heavy traffic caused by "junk mail" - movies, wav files etc.
Earlier we turned off reports to avoid excess internet traffic caused by
sending notices to infected mail senders.
What we would like to do is to send notices about the exceeded mail size to
senders, but to local senders only. Is there a way to configure MailScanner
to send only notices saying "Message too large" and only to local users
(i.e. to senders from a certain domain)?

I'd be grateful for your help.

Best regards,
Sebastian

From mailscanner at ecs.soton.ac.uk Sun Sep 12 11:42:11 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Please read up about rulesets in /etc/MailScanner/rules/* and in the MAQ,
the address of which is at the bottom of every posting.

At 09:32 12/09/2004, you wrote:
>Hello all,
>
>Recently we were forced to limit the size of messages sent by our network's
>users due to heavy traffic caused by "junk mail" - movies, wav files etc.
>Earlier we turned off reports to avoid excess internet traffic caused by
>sending notices to infected mail senders.
>What we would like to do is to send notices about the exceeded mail size to
>senders, but to local senders only. Is there a way to configure MailScanner
>to send only notices saying "Message too large" and only to local users
>(i.e. to senders from a certain domain)?
>
>I'd be grateful for your help.
>
>Best regards,
>Sebastian

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From res at AUSICS.NET Sun Sep 12 12:39:56 2004
From: res at AUSICS.NET (Res)
Date: Thu Jan 12 21:26:51 2006
Subject: ClamAV update error??
Message-ID:

Dave,

On Sun, 12 Sep 2004, Dave Filchak wrote:

> In fact, the update for ClamAV has failed since August 15. Might have been
> around the time we updated sendmail. Any help as to how to correct this?

Check the permissions on the log file? We made a silly mistake like this
recently when I moved it to /var/log/mail where sendmail and pop3 is,
touched it as root, discovered it wasn't running, fixed perms and off we
went.

Res

From sastian at OP.PL Sun Sep 12 12:56:43 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Dear Julian,

Thank you for your reply.

I read about the rules and rule-making. Now I know how to make a rule of
outgoing mail only however I can't seem to find any information on
customizing the reports sent to mail-sender. Is there any way I can point
to a desired report file in my rule? Can I make my own report file and tell
the rule to point to it once the condition has been fulfilled? I think I
can, but since the rule file has three columns - FromOrTo; pattern; yes/no -
and the target of the report file is put in the third column, can I set an
action for the pattern and define a report file to be used for that pattern?
How to do it?

Thank you for any info in advance.

Best regards,
Sebastian

From mailscanner at ecs.soton.ac.uk Sun Sep 12 13:08:48 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

At 12:56 12/09/2004, you wrote:
>I read about the rules and rule-making. Now I know how to make a rule of
>outgoing mail only however I can't seem to find any information on
>customizing the reports sent to mail-sender. Is there any way I can point
>to a desired report file in my rule? Can I make my own report file and tell
>the rule to point to it once the condition has been fulfilled? I think I
>can, but since the rule file has three columns - FromOrTo; pattern; yes/no -
> and the target of the report file is put in the third column, can I set an
>action for the pattern and define a report file to be used for that pattern?
>How to do it?

The right hand column in a rule is the value you want for the setting when
the condition matches. It is a yes or no only if that is what the
configuration option wants.

So if you want different report files as a result of the rule, then put the
filename in there instead.

So for example you could have rules that look like this sort of thing:

    To: @mydomain.com /etc/MailScanner/reports/incoming.report.txt
    From: @mydomain.com /etc/MailScanner/reports/outgoing.report.txt

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From sastian at OP.PL Sun Sep 12 13:40:47 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Julian,

Thanks for your reply again.

>So if you want different report files as a result of the rule, then put the
>filename in there instead.

Ok, that is understandable.

>So for example you could have rules that look like this sort of thing:
>To: @mydomain.com /etc/MailScanner/reports/incoming.report.txt
>From: @mydomain.com /etc/MailScanner/reports/outgoing.report.txt

Good, but if I put a name of a report file in the "result" column of the
rule, where do I define what should happen to such message? Do I define it
in the report file? No, because that is only the message file, right?

So if I want to make a rule which will limit the outgoing mail to 5 MB I can
put this line in the MailScanner.conf:

    Maximum Message Size = 5000000

however such setting will not cause the custom report file to be sent to the
sender of the message excessive in size, will it?

So I can put this line in the MailScanner.conf to use a custom rule:

    Maximum Message Size = /opt/MailScanner/etc/rules/message.too.large.rules

this will point to the custom rule which I create, won't it?

And in the message.too.large.rules I put the following lines:

    From: server.com.pl /opt/MailScanner/etc/reports/en/message.too.large.report.txt
    # (Can I define my own report file? Do I put any result IN the report file?)
    From: server.com.pl 5000000
    # (Can I define both the result of the rule and the report file I want to use?)
    From: default 0

Will such a configuration work?

Julian, I am pretty new to MailScanner - that's the reason for my lame
questions...

Thanks for your help in advance.

Best regards,
Sebastian Plosarek

From mailscanner at ecs.soton.ac.uk Sun Sep 12 14:30:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

At 09:32 12/09/2004, you wrote:
>Hello all,
>
>Recently we were forced to limit the size of messages sent by our network's
>users due to heavy traffic caused by "junk mail" - movies, wav files etc.
>Earlier we turned off reports to avoid excess internet traffic caused by
>sending notices to infected mail senders.
>What we would like to do is to send notices about the exceeded mail size to
>senders,

It appears to send the "sender.error.report.txt" message by virtue of the
setting:

    Sender Error Report = %report-dir%/sender.error.report.txt

> but to local senders only. Is there a way to configure MailScanner
>to send only notices saying "Message too large" and only to local users
>(i.e. to senders from a certain domain)?

You would need to set

    Notify Senders of Other Blocked Content = %rules-dir%/notify.senders.rules

in MailScanner.conf.
Then in /etc/MailScanner/rules/notify.senders.rules you should put

    From: certain.domain.com yes
    FromOrTo: default no

Another example:
If you wanted to change the report for different domains instead, you could
put

    Sender Error Report = %rules-dir%/sender.report.rules

in MailScanner.conf, and in /etc/MailScanner/rules/sender.report.rules you
could put

    From: certain.domain.com /etc/MailScanner/reports/en/special.sender.error.txt
    FromOrTo: default /etc/MailScanner/reports/en/sender.error.report.txt

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From sastian at OP.PL Sun Sep 12 14:58:15 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Julian,

Thanks for your reply again.

>> Is there a way to configure MailScanner
>> to send only notices saying "Message too large" and only to local users
>> (i.e. to senders from a certain domain)?

>You would need to set
>Notify Senders of Other Blocked Content = %rules-dir%/notify.senders.rules
>in MailScanner.conf.

When I look at the MailScanner.conf there is a condition which spoils it
all:

# *If* "Notify Senders" is set to yes, do you want to notify people
# who sent you messages containing other blocked content, such as
# partial messages or messages with external bodies?
# This can also be the filename of a ruleset.
Notify Senders Of Other Blocked Content = yes

I do not want to set "Notify Senders" to "yes" because that would seriously
increase the traffic - both in my local network and in the Internet due to
faking sender addresses by viruses and remote server notifications about
non-existence of addressee of the "Notify Sender" message.
Can I turn on the "Notify Senders Of Other Blocked Content *without*
turning on the "Notify Senders" option?

Ok, ok, I think I'm getting the point. I turn on the "Notify Senders"
option to "yes" and in /etc/MailScanner/rules/notify.senders.rules I
indicate that only my local domain should be affected by this rule. Do I
get it right?
Therefore the setting in /etc/MailScanner/rules/notify.senders.rules should
look like this:

    From: my.domain.com yes
    FromOrTo: default no

Can you check if I'm thinking right?

Thanks!

Best regards,
Sebastian Plosarek

From mailscanner at ecs.soton.ac.uk Sun Sep 12 15:04:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

At 14:58 12/09/2004, you wrote:
>Julian,
>
>Thanks for your reply again.
>
> >> Is there a way to configure MailScanner
> >> to send only notices saying "Message too large" and only to local users
> >> (i.e. to senders from a certain domain)?
>
> >You would need to set
> >Notify Senders of Other Blocked Content = %rules-dir%/notify.senders.rules
> >in MailScanner.conf.
>
>When I look at the MailScanner.conf there is a condition which spoils it
>all:
>
># *If* "Notify Senders" is set to yes, do you want to notify people
># who sent you messages containing other blocked content, such as
># partial messages or messages with external bodies?
># This can also be the filename of a ruleset.
>Notify Senders Of Other Blocked Content = yes
>
>I do not want to set "Notify Senders" to "yes" because that would seriously
>increase the traffic - both in my local network and in the Internet due to
>faking sender addresses by viruses and remote server notifications about
>non-existence of addressee of the "Notify Sender" message.
>Can I turn on the "Notify Senders Of Other Blocked Content *without*
>turning on the "Notify Senders" option?

You could switch on "notify senders" but leave all the other "notify senders
of..." options switched off. So only those who send "other blocked content"
would be notified. Read the comments above each of the "notify senders
of..." options.

>Ok, ok, I think I'm getting the point. I turn on the "Notify Senders"
>option to "yes" and in /etc/MailScanner/rules/notify.senders.rules I
>indicate that only my local domain should be affected by this rule. Do I
>get it right?
>Therefore the setting in /etc/MailScanner/rules/notify.senders.rules should
>look like this:
>
>From: my.domain.com yes
>FromOrTo: default no
>
>Can you check if I'm thinking right?

You need to set

    Notify Senders = %rules-dir%/notify.senders.rules

so that it knows where to get the ruleset from. But otherwise that would
work okay.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From sastian at OP.PL Sun Sep 12 15:16:45 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:51 2006
Subject: Report "Message too large" to sender?
Message-ID:

Julian,

Thank you for all your help. I'll do some experimenting now. Hope I'll be
able to set it all properly.

Thank you!
Sebastian

From mailscanner at WEALDCLOSE.CO.UK Sun Sep 12 22:52:02 2004
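
The "Report "Message too large" to sender?" thread above turns on two points: how a ruleset resolves to a value, and that "Notify Senders" gates the other "Notify Senders Of ..." options. The following Python example is added here as a simplified model written for this page, not MailScanner's own code; it resolves the rulesets quoted in the thread for a few constructed addresses. It assumes first-match-wins evaluation, exact-domain patterns and a separately stored default, and its function names are hypothetical.

```python
import fnmatch

DIRECTIONS = ("from", "to", "fromorto", "fromandto")


def parse_ruleset(text):
    """Parse 'Direction: pattern value' lines into (rules, default_value)."""
    rules, default = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 2)
        direction = parts[0].rstrip(":").lower()
        if len(parts) != 3 or direction not in DIRECTIONS:
            raise ValueError("malformed rule: %r" % raw)
        pattern, value = parts[1].lower(), parts[2].strip()
        if pattern == "default":
            if default is None:
                default = value
        else:
            # Assumption: "domain" and "@domain" both mean "*@domain".
            if "@" not in pattern:
                pattern = "*@" + pattern
            elif pattern.startswith("@"):
                pattern = "*" + pattern
            rules.append((direction, pattern, value))
    return rules, default


def resolve(setting, sender, recipients):
    """Value of a setting for one message. A setting is either a literal
    string or a parsed ruleset; the first matching rule wins."""
    if isinstance(setting, str):
        return setting
    rules, default = setting
    sender = sender.lower()
    recipients = [r.lower() for r in recipients]
    for direction, pattern, value in rules:
        from_hit = fnmatch.fnmatchcase(sender, pattern)
        to_hit = any(fnmatch.fnmatchcase(r, pattern) for r in recipients)
        hit = {"from": from_hit, "to": to_hit,
               "fromorto": from_hit or to_hit,
               "fromandto": from_hit and to_hit}[direction]
        if hit:
            return value
    return default


def sender_is_notified(conf, category, sender, recipients):
    """'Notify Senders' is the master switch; the category must agree."""
    master = resolve(conf["Notify Senders"], sender, recipients)
    specific = resolve(conf[category], sender, recipients)
    return master == "yes" and specific == "yes"


# notify.senders.rules as agreed at the end of the thread.
NOTIFY_RULES = """
From:     my.domain.com  yes
FromOrTo: default        no
"""
CONF = {
    "Notify Senders": parse_ruleset(NOTIFY_RULES),
    "Notify Senders Of Viruses": "no",
    "Notify Senders Of Other Blocked Content": "yes",
}

# message.too.large.rules as proposed earlier in the thread.
SIZE_RULES = parse_ruleset("""
From: server.com.pl /opt/MailScanner/etc/reports/en/message.too.large.report.txt
From: server.com.pl 5000000
From: default 0
""")

if __name__ == "__main__":
    other = "Notify Senders Of Other Blocked Content"
    # Constructed addresses: a local sender and an outside sender.
    print(sender_is_notified(CONF, other, "alice@my.domain.com", ["bob@example.net"]))
    print(sender_is_notified(CONF, other, "forged@example.net", ["bob@my.domain.com"]))
    print(resolve(SIZE_RULES, "user@server.com.pl", ["x@example.net"]))
```

Resolving the proposed message.too.large.rules shows that its second `From: server.com.pl` line is never reached under first-match evaluation, so the size setting would resolve to a file name for local senders. In this model the `From:` rule keys on the sender address string alone, so a message that claims a local sender address still matches it.
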
From: mailscanner at WEALDCLOSE.CO.UK (Kristian Shaw) Date: Thu Jan 12 21:26:51 2006 Subject: MCP Messages vanishing Message-ID: Hello, For some time I've noticed that messages that are both MCP and Spam disappear into a black hole on two slackware systems. For me, this occurs when the MCP action is 'forward xxx@xxx.xxx' and the spam action is 'attachment deliver'. In my logs the action just comes out as 'attachment' with no deliver or forward actions. Messages that are either MCP or Spam are delivered as I would expect. I've found an area of code in MCPMessage.pm that I think handles the delivery/forward logic and added some code where I don't think it was handling forwarding. I have attached a patch for 4.33.3 at the end of this email. (Hopefully I did it right as I've not made a patch before) I've only tested this code for my system so I don't know if it breaks any other combinations of spam/mcp actions. If I've misinterpreted how the code works please let me know so I can put it right! Thanks, Kris. MCPMessage.pm 2004-05-22 13:12:49.000000000 +0100 +++ ./MCPMessage.pm 2004-09-12 22:23:41.000000000 +0100 @@ -304,6 +304,14 @@ $global::MS->{mta}->DeleteRecipients($this); $this->{mcpdelivering} = 0; } + + # Added by KLS to deliver from MCP when forwarding and spam + # action is attachment + if ($actions{'forward'}) { + $this->{mcpdelivering} = 1; + } + # End of code by KLS + # Message still exists, so it will be delivered to its new recipients } else { # ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From admin at thenamegame.com Sun Sep 12 23:31:28 2004 
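
Review bot: The added `if ($actions{'forward'})` test in the MCPMessage.pm hunk above sits after the closing brace of the branch that calls `DeleteRecipients($this)` and sets `$this->{mcpdelivering} = 0`, so whenever a forward action is present it overrides that reset, whatever else is in `%actions`. The visible context does not show the condition guarding the preceding branch, so please confirm that switching `mcpdelivering` back to 1 here cannot deliver to recipients that branch has just removed, and say in the comment what the flag is meant to achieve for the forward case instead of only bracketing the lines with "Added by KLS". The covering message says this was tested only with MCP action 'forward' plus spam action 'attachment deliver'; the other action combinations that reach this point should be listed and checked, and folding the forward test into the existing condition would make the intended precedence explicit.
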
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:26:51 2006
Subject: SPAM Report - Timed out
Message-ID:

Ye, can somebody tell us why we are getting these messages all the time? I
had this issue with 4.27 and it drove us nuts. Then it went away
mysteriously. Today, I upgraded to 4.33 and we are getting these timeout
messages again with spamassassin. Please advise as to why. Thank you.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: Tuesday, September 07, 2004 11:12 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SPAM Report - Timed out

Mark

had a couple this morning around 10.30 (BST) normally relates to RBL's
timing out for me..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Mark Pottage wrote:
> Has anyone any ideas on the below?
>
> Spam Report Timed Out.
>
> Systems are running:
>
> SendMail version: ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6
> ClamAV version: 0.75
> BitDefender version: 7.0 build 2492
> SpamAssassin version: 2.63
>
>
> Size: 3.3Kb
> Virus: N
> Blocked File: N
> Other Infection: N
> Report:
> Spam: N Action(s): deliver
> High Scoring Spam: N
> Listed in RBL: N
> Whitelisted: N
> Blacklisted: N
> SpamAssassin Spam: N
> SpamAssassin Autolearn: N
> SpamAssassin Score: 0.00
> Spam Report: timed out
> Archive:

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************

From admin at thenamegame.com Mon Sep 13 01:23:24 2004
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:26:51 2006
Subject: MailScanner 4.33.3-1 And Issues with Exim
Message-ID:

As of this upgrade, MailScanner is no longer playing nice with those of us using Exim.

I have been using MailScanner + Exim for a very long time and have never had issues with configuring it or upgrading it. I am having issues with Exim and Mailscanner.

Messages are not being delivered to the users. Instead we see messages in the log files that say;

2004-09-12 20:06:36 1C6eMx-0007fx-Jv Spool file 1C6eMx-0007fx-Jv-D not found

The problem is with this file. What happened to the contents of this file? The format has changed.

The new format looks like this, /etc/sysconfig/MailScanner.

The format of this file has changed. When I look at /etc/sysconfig/MailScanner.conf.rpmsave all I see in there is this;

#
# Put in here the time between runs for the outgoing sendmail mqueue
# if you don't want the default of 15 minutes (15m).
# Put in there the location of the PID files
# if you don't want the default of /var/run/MailScanner.
#
QUEUETIME=15m
WORKDIR=/var/spool/MailScanner/incoming
INQDIR=/var/spool/exim_incoming/input

But this is not working and does not work with Exim!!!!!!

The old file looks like this;

#
# Put in here all the settings for your particular mail system so that
# MailScanner's init.d script can run it all for you.
#

#
# Are you running Postfix, sendmail, Exim or ZMailer?
#
# Don't set it by hand, we now auto-detect it from MailScanner.conf
# MTA=sendmail
# MTA=postfix
# MTA=exim
# MTA=zmailer
MTA=`perl -n -e 'print "$_" if chomp && s/^\s*MTA\s*=\s*([a-zA-Z]+)/$1/ && ($_=lc($_))' /etc/MailScanner/MailScanner.conf`

#
# Cron job update_virus_scanners settings
#
UPDATEMAXDELAY=600 # Maximum delay before running cron job to avoid server peaks

#
# MailScanner Settings
WORKDIR=/var/spool/MailScanner/incoming # Where the temp MailScanner files live
RESTART_DELAY=10 # Pause time between stop and start when restarting

#
# Sendmail Settings
#
SENDMAIL=/usr/sbin/exim
QUEUETIME=15m
INQDIR=/var/spool/exim_incoming/input
INPID=/var/run/sendmail.in.pid
OUTPID=/var/run/sendmail.out.pid
SMPID=/var/run/sm-client.pid
MSPUSER=smmsp  # User for mail submission queue runner
MSPGROUP=smmsp # Group for mail submission queue runner

#
# Postfix settings
POSTFIX=/usr/sbin/postfix
POSTFIXINCF=/etc/postfix.in   # Directory containing incoming configuration
POSTFIXOUTCF=/etc/postfix     # Directory containing outgoing configuration

#
# Exim settings
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf         # Incoming configuration file
EXIMSENDCF=/etc/exim_outgoing.conf  # Outgoing configuration file

# ZMailer settings
#
ZMAILER=/usr/lib/zmailer/zmailer
ZMAILERCF=/etc/zmailer/zmailer.conf     # Configuration file

And these settings used to work!

From mailscanner at ecs.soton.ac.uk Mon Sep 13 09:01:22 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:51 2006 Subject: MailScanner 4.33.3-1 And Issues with Exim Message-ID: At 01:23 13/09/2004, you wrote: >The format of this file has changed. When I look at >/etc/sysconfig/MailScanner.conf.rpmsave all I see in there is this; The file in /etc/sysconfig is not called MailScanner.conf, it is just called MailScanner. The rpmsave file is what was left over after you last did "rpm -e mailscanner". The potential new file is .rpmnew and your current file is just called MailScanner. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Mon Sep 13 09:01:36 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:51 2006 Subject: MS bogging under load ... Message-ID: Garry use the surbl.org URI rbl's as a replacement for the bigevil... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Garry Glendown wrote: > Mike Kercher wrote: > >> Are you running any non-default SA rules? Bigevil turned out to be my >> demon. > > > Yup ... running that and others ... I'll move that out and see how > performance changes ... > > -gg > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 13 09:10:08 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:52 2006
Subject: definition: messages per month?
Message-ID:

Eric

I keep my email gateway on a separate machine, if the gateway machine gets
compromised then all your email is hosed, cf putting www server on a
separate machine/DMZ.

I tend to look at a couple of 'core' users for our stats, ie the ones who
tend to get a lot of spam, and correlate full population stats from them.

Also 100% spam trap is almost impossible to achieve without FP's rate being
too high (ie getting FP's), I'd rather a couple of spams creep through than
miss the odd spam..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Eric Dantan Rzewnicki wrote:
> On Fri, Sep 10, 2004 at 09:31:32AM +0100, Martin Hepworth wrote:
>
>>Eric
>>I always use the 'envelopes' per month version myself...ie how many
>>actual messages (qf,df pairs - or whatever your MTA uses to store
>>messages in the queue) are processed.
>>Otherwise the stats go up the wall - hey my MS processed 2 billion
>>messages last month, when actually it only processed two MTA queue file
>>message pairs!!!
>>I'm not concerned that a message had multiple recipients, I'm concerned
>>about the actual number of messages, which has a direct correlation to
>>the performance and size of the hardware required.
>
>
> Ok. this helps. One other concern with regard to hardware and
> performance ... imapd/pop access is on the same server here as
> smtp/mailscanner. In other's experience is user access to mail spools
> a performance concern? If so, then it might be interesting to keep
> counts for messages spooled to users' mailboxes and actually accessed or
> downloaded by MUAs as well as counts of messages scanned.
>
>
> I haven't seen anyone address the question of false positive/negative
> stats, yet. If someone claims "our mailscanner install blocks 98.6% of
> spam", how can they actually know that? Can you verify that every user
> has reported every miss in either direction?
>
> Or, are people quoting percentages like that based on sending a corpus
> of known ham/spam through the system?
>
> -Eric Rz.
>
From mailscanner at BARENDSE.TO Mon Sep 13 09:12:33 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:52 2006
Subject: Whitelisting localhost for spam checks?
Message-ID:

Hi list

Is it possible / advisable to whitelist localhost for spam checks?

It seems a bit silly to check all the messages generated by the local
machine for spam!

Thanks!

From mailscanner at ecs.soton.ac.uk Mon Sep 13 09:18:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: Whitelisting localhost for spam checks?
Message-ID:

In /etc/MailScanner/rules/spam.whitelist.rules add this line

From: 127.0.0.1 yes

At 09:12 13/09/2004, you wrote:
>Is it possible / advisable to whitelist localhost for spam checks?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mynamewasgone at gmail.com Mon Sep 13 09:19:55 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:52 2006
Subject: Whitelisting localhost for spam checks?
Message-ID:

On Mon, 13 Sep 2004 10:12:33 +0200, Remco Barendse wrote:
> Hi list
>
> Is it possible / advisable to whitelist localhost for spam checks?

Possible, yes:

%etc-dir%/MailScanner.conf
Spam Checks = %etc-dir%/rules/spam.check.rules

%etc-dir%/rules/spam.check.rules
From: 127.0.0.1 no
FromOrTo: default yes

Advisable, depends: Would you otherwise notice if your localhost started
spewing out spam?

Regards,

From mailscanner at BARENDSE.TO Mon Sep 13 10:42:45 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:52 2006
Subject: languages.conf
Message-ID:

Hi Julian!

Could you please add all the mcp stuff to languages.conf?

On every update I have to add the following manually (and I keep
forgetting it):

MCPblacklisted = MCP-Blacklisted
MCPwhitelisted = MCP-Whitelisted
MCPsadisabled = MCP disabled
MCPsanoheaders = MCP Message had no headers
MCPsatimedout = MCP timed out

Thanx!!

From mailscanner at ecs.soton.ac.uk Mon Sep 13 11:06:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: languages.conf
Message-ID:

At 10:42 13/09/2004, you wrote:
>Hi Julian!
>
>Could you please add all the mcp stuff to languages.conf?
>
>On every update I have to add the following manually (and I keep
>forgetting it):
>
>MCPblacklisted = MCP-Blacklisted
>MCPwhitelisted = MCP-Whitelisted
>MCPsadisabled = MCP disabled
>MCPsanoheaders = MCP Message had no headers
>MCPsatimedout = MCP timed out

Sorry about that, I had added some of the MCP definitions but not all.
Fixed now.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From sastian at OP.PL Mon Sep 13 11:06:47 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

Hello!

The virus scanner indeed scans zip files for virii. But what about a
situation where I block some unwanted filetypes (.mp3, .mpg etc.). How do I
configure MailScanner to scan zip files for these unwanted filetypes?

Since the users do all their best to choke up our Internet Connection which
is tragic as far as it comes to speed and stability we want to prevent some
outgoing "junk mail" in form of these files as attachments.
Any possibility to do that?

Regards,
Sebastian

From mailscanner at ecs.soton.ac.uk Mon Sep 13 11:54:40 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

At 11:06 13/09/2004, you wrote:
>Hello!
>
>The virus scanner indeed scans zip files for virii. But what about a
>situation where I block some unwanted filetypes (.mp3, .mpg etc.). How do I
>configure MailScanner to scan zip files for these unwanted filetypes?

As long as you set
Maximum Archive Depth = 3
then it will check archives for those unwanted filetypes.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jaearick at COLBY.EDU Mon Sep 13 12:12:23 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

Julian,

Ummm... The default setting for Maximum Archive Depth is 2, not 3.
Time for another change in the default configuration?

Jeff Earickson

On Mon, 13 Sep 2004, Julian Field wrote:

> Date: Mon, 13 Sep 2004 11:54:40 +0100
> From: Julian Field
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: scan zip files
>
> At 11:06 13/09/2004, you wrote:
>> Hello!
>>
>> The virus scanner indeed scans zip files for virii. But what about a
>> situation where I block some unwanted filetypes (.mp3, .mpg etc.). How do I
>> configure MailScanner to scan zip files for these unwanted filetypes?
>
> As long as you set
> Maximum Archive Depth = 3
> then it will check archives for those unwanted filetypes.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

From mailscanner at ecs.soton.ac.uk Mon Sep 13 12:20:51 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

At 12:12 13/09/2004, you wrote:
>Julian,
> Ummm... The default setting for Maximum Archive Depth is 2, not
>3. Time for another change in the default configuration?

No, 2 should do okay. Has anyone any thoughts whether 3 would be better?
I might change it to 3 unless anyone objects. The extra processing overhead
will be minimal.

>On Mon, 13 Sep 2004, Julian Field wrote:
>>Date: Mon, 13 Sep 2004 11:54:40 +0100
>>From: Julian Field
>>Subject: Re: scan zip files
>>
>>At 11:06 13/09/2004, you wrote:
>>>The virus scanner indeed scans zip files for virii. But what about a
>>>situation where I block some unwanted filetypes (.mp3, .mpg etc.). How do I
>>>configure MailScanner to scan zip files for these unwanted filetypes?
>>
>>As long as you set
>>Maximum Archive Depth = 3
>>then it will check archives for those unwanted filetypes.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 13 12:38:33 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:52 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

OK, so I tried the tarball install on the RedHat box instead of RPMS.

It seems that I am getting the same dependency problems.

URI is not working so I am trying to install the tarballs by hand.

When I try to make URI-1.31.tar.gz my old friend seems to be poooping up
again.

t/urn-isbn.......skipped
        all skipped: Needs the Business::ISBN module installed

I got the same error when trying to install the rpm.

I guess this module should be included in the install-Clam-SA package too?

Thanks!!
Remco

On Mon, 6 Sep 2004, Remco Barendse wrote:

> On Mon, 6 Sep 2004, Julian Field wrote:
>
>> At 21:08 06/09/2004, you wrote:
>>> OK, I tried it on the box I fdisked friday....
>>>
>>> I guess I shouldn't get this?
>>>
>>> error: Failed dependencies:
>>> perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1
>>
>> Do a
>> perl -MCPAN -e 'install DBI'
>> first.
>
> I'm afraid that didn't do the trick. It installed ok but didn't solve
> the issue with the modules.
>
> Of all the modules in the package:
> perl-DB_File-1.810-1.src.rpm
> perl-Digest-1.08-1.src.rpm
> perl-Digest-HMAC-1.01-1.src.rpm
> perl-Digest-MD5-2.33-1.src.rpm
> perl-Digest-SHA1-2.10-1.src.rpm
> perl-Inline-0.44-1.src.rpm
> perl-Mail-ClamAV-0.11-1.src.rpm
> perl-Mail-SpamAssassin-3.0.0-rc3.1.src.rpm
> perl-Mail-SPF-Query-1.997-1.src.rpm
> perl-Net-CIDR-Lite-0.15-1.src.rpm
> perl-Net-DNS-0.48-1.src.rpm
> perl-Parse-RecDescent-1.94-1.src.rpm
> perl-Sys-Hostname-Long-1.2-1.src.rpm
> perl-Test-Harness-2.42-1.src.rpm
> perl-Test-Simple-0.47-1.src.rpm
> perl-Text-Balanced-1.95-1.src.rpm
> perl-URI-1.31-1.src.rpm
>
> These are the only ones that did install, I get loads of errors on
> the rest:
> perl-DB_File-1.810-1
> perl-Digest-SHA1-2.10-1
> perl-Inline-0.44-1
> perl-Mail-ClamAV-0.11-1
> perl-Net-CIDR-0.09-3 (guess this comes standard with RHEL??)
> perl-Net-CIDR-Lite-0.15-1
> perl-Parse-RecDescent-1.94-1
> perl-URI-1.21-7 (guess this should have been updated???)
>
>
> file /usr/lib/perl5/5.8.0/Digest.pm from install of perl-Digest-1.08-1
> conflicts with file from package perl-5.8.0-88.4.TL1
>
> file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from
> install
> of perl-Digest-MD5-2.33-1 conflicts with file from package
> perl-5.8.0-88.4.TL1
>
> perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1
>
>
> Some modules did not build at all and others reported that the box was
> running perl 5.008 while compiling which is not possible on a newly
> installed RHEL 3 box
>
>

From sastian at OP.PL Mon Sep 13 13:24:08 2004
From: sastian at OP.PL (Sebastian Plosarek)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

>
> As long as you set
> Maximum Archive Depth = 3
> then it will check archives for those unwanted filetypes.
> --
> Julian Field
> www.MailScanner.info

Julian,

Thank you for your reply.
There isn't any such option in my /opt/MailScanner/etc/MailScanner.conf
Am I looking in the right place?
Should some other option be set to correspond to "Maximum Archive Depth"?

Best regards,
Sebastian

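How the depth limit in the "scan zip files" thread decides whether a blocked filename inside nested archives is ever seen, as an added example that is not part of the original messages and is not MailScanner's own code. It assumes depth 1 means opening the attachment itself; the extension list mirrors the thread, and the nested sample archive, the size cap and the `!` path notation are constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = (".mp3", ".mpg")   # filetypes named in the thread
MAX_MEMBER_BYTES = 10 * 1024 * 1024     # assumed cap before reading a nested zip


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used only for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_archive(data, max_depth, depth=1, path="attachment.zip"):
    """Return (blocked, unopened).

    blocked  -- member paths whose extension is on the block list
    unopened -- archives that were NOT inspected (too deep, too big, or
                unreadable); a filter should treat these as unknown, not clean
    """
    blocked, unopened = [], []
    if depth > max_depth:
        return blocked, [path]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return blocked, [path]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{path}!{info.filename}"
            lower = info.filename.lower()
            if lower.endswith(BLOCKED_EXTENSIONS):
                blocked.append(member)
            elif lower.endswith(".zip"):
                # file_size is the size declared in the zip header
                if info.file_size > MAX_MEMBER_BYTES:
                    unopened.append(member)
                    continue
                inner_blocked, inner_unopened = scan_archive(
                    zf.read(info), max_depth, depth + 1, member)
                blocked += inner_blocked
                unopened += inner_unopened
    return blocked, unopened


# Constructed sample: song.mp3 sits three archives deep.
_inner = make_zip({"song.mp3": b"not really audio"})
_middle = make_zip({"readme.txt": b"hello", "inner.zip": _inner})
SAMPLE_ATTACHMENT = make_zip({"notes.txt": b"ok", "docs.zip": _middle})

if __name__ == "__main__":
    for limit in (2, 3):
        found, skipped = scan_archive(SAMPLE_ATTACHMENT, limit)
        print(f"depth limit {limit}: blocked={found} unopened={skipped}")
```

With a limit of 2 the innermost archive is reported as unopened and the .mp3 is never seen; with 3 it is found.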
From mailscanner at ecs.soton.ac.uk Mon Sep 13 13:47:08 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

It's optional, I don't use ISBN numbers in MailScanner much :-)

At 12:38 13/09/2004, you wrote:
>OK, so I tried the tarball install on the RedHat box instead of RPMS.
>
>It seems that I am getting the same dependency problems.
>
>URI is not working so I am trying to install the tarballs by hand.
>
>When I try to make URI-1.31.tar.gz my old friend seems to be poooping up
>again.
>
>t/urn-isbn.......skipped
>        all skipped: Needs the Business::ISBN module installed
>
>I got the same error when trying to install the rpm.
>
>I guess this module should be included in the install-Clam-SA package too?
>
>
>Thanks!!
>Remco
>
>On Mon, 6 Sep 2004, Remco Barendse wrote:
>
>>On Mon, 6 Sep 2004, Julian Field wrote:
>>
>>>At 21:08 06/09/2004, you wrote:
>>>>OK, I tried it on the box I fdisked friday....
>>>>
>>>>I guess I shouldn't get this?
>>>>
>>>>error: Failed dependencies:
>>>>perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc3.1
>>>
>>>Do a
>>>perl -MCPAN -e 'install DBI'
>>>first.
>>
>>I'm afraid that didn't do the trick. It installed ok but didn't solve
>>the issue with the modules.
>>
>>Of all the modules in the package:
>>perl-DB_File-1.810-1.src.rpm
>>perl-Digest-1.08-1.src.rpm
>>perl-Digest-HMAC-1.01-1.src.rpm
>>perl-Digest-MD5-2.33-1.src.rpm
>>perl-Digest-SHA1-2.10-1.src.rpm
>>perl-Inline-0.44-1.src.rpm
>>perl-Mail-ClamAV-0.11-1.src.rpm
>>perl-Mail-SpamAssassin-3.0.0-rc3.1.src.rpm
>>perl-Mail-SPF-Query-1.997-1.src.rpm
>>perl-Net-CIDR-Lite-0.15-1.src.rpm
>>perl-Net-DNS-0.48-1.src.rpm
>>perl-Parse-RecDescent-1.94-1.src.rpm
>>perl-Sys-Hostname-Long-1.2-1.src.rpm
>>perl-Test-Harness-2.42-1.src.rpm
>>perl-Test-Simple-0.47-1.src.rpm
>>perl-Text-Balanced-1.95-1.src.rpm
>>perl-URI-1.31-1.src.rpm
>>
>>These are the only ones that did install, I get loads of errors on
>>the rest:
>>perl-DB_File-1.810-1
>>perl-Digest-SHA1-2.10-1
>>perl-Inline-0.44-1
>>perl-Mail-ClamAV-0.11-1
>>perl-Net-CIDR-0.09-3 (guess this comes standard with RHEL??)
>>perl-Net-CIDR-Lite-0.15-1
>>perl-Parse-RecDescent-1.94-1
>>perl-URI-1.21-7 (guess this should have been updated???)
>>
>>
>>file /usr/lib/perl5/5.8.0/Digest.pm from install of perl-Digest-1.08-1
>>conflicts with file from package perl-5.8.0-88.4.TL1
>>
>>file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from
>>install
>>of perl-Digest-MD5-2.33-1 conflicts with file from package
>>perl-5.8.0-88.4.TL1
>>
>>perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1
>>
>>
>>Some modules did not build at all and others reported that the box was
>>running perl 5.008 while compiling which is not possible on a newly
>>installed RHEL 3 box
>>
>>
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 13 14:55:42 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:52 2006
Subject: scan zip files
Message-ID:

Sebastian Plosarek wrote:
>>As long as you set
>>Maximum Archive Depth = 3
>>then it will check archives for those unwanted filetypes.
>>--
>>Julian Field
>>www.MailScanner.info
>
>
>
> Julian,
>
> Thank you for your reply.
> There isn't any such option in my /opt/MailScanner/etc/MailScanner.conf
> Am I looking in the right place?
> Should some other option be set to correspond to "Maximum Archive Depth"?
>
> Best regards,
> Sebastian
>

What version of MailScanner are you running???

I believe this function/option was introduced in 4.28.5 looking at the
changelog...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From jlramos at REIT.UP.PT Mon Sep 13 15:05:19 2004
From: jlramos at REIT.UP.PT (José Luís Ramos)
Date: Thu Jan 12 21:26:52 2006
Subject: Only notifiy recepients/senders in my domain
Message-ID:

I have recently installed MailScanner (version 4.31.6) + Mcafee (Virus Scan
for Linux v4.32.0) on my email server.

The configuration files and parameters on my system are:

#
#####The "MailScanner.conf" on my system has the following parameters:
###

From d.santos at barcelohotels.com.do Mon Sep 13 15:21:26 2004
From: d.santos at barcelohotels.com.do (Dywer Santos)
Date: Thu Jan 12 21:26:52 2006
Subject: Multipart Mime
Message-ID:
Hi.
 
Is there a way to stop Multipart Mime OLE messages?
 
thanks.
 
dywer
From alaslavic at HAVERTYS.COM Mon Sep 13 15:47:29 2004
From: alaslavic at HAVERTYS.COM (Alex Laslavic)
Date: Thu Jan 12 21:26:52 2006
Subject: Bayes not running
Message-ID:

I just rebuilt our mailscanner server on a new machine, and in the process
upgraded to the newest versions. Everything is running fine, but I have
noticed that Bayes is not running. Spamassassin --lint successfully ties
to the bayes databases, but when MailScanner is running bayes is not being
used. I cannot find any error messages in the logs, to give me a clue
here.

Suggestions on where I need to look to see why bayes is not running?

Alex Laslavic
Havertys Tech Services

From mailscanner at WEALDCLOSE.CO.UK Mon Sep 13 16:06:44 2004
From: mailscanner at WEALDCLOSE.CO.UK (MailScanner)
Date: Thu Jan 12 21:26:52 2006
Subject: Bayes not running
Message-ID:

Hello,

Bayes needs to have learnt 200 spams/hams before it becomes active -
perhaps that is your problem?

sa-learn --dump magic

tells you the number of messages learnt.

Kris.

----- Original Message -----
From: "Alex Laslavic"
To:
Sent: Monday, September 13, 2004 3:47 PM
Subject: Bayes not running

> I just rebuilt our mailscanner server on a new machine, and in the process
> upgraded to the newest versions. Everything is running fine, but I have
> noticed that Bayes is not running. Spamassassin --lint successfully ties
> to the bayes databases, but when MailScanner is running bayes is not being
> used. I cannot find any error messages in the logs, to give me a clue
> here.
>
> Suggestions on where I need to look to see why bayes is not running?
>
> Alex Laslavic
> Havertys Tech Services
>

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 13 16:07:48 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:52 2006
Subject: Bayes not running
Message-ID:

Alex Laslavic wrote:
> I just rebuilt our mailscanner server on a new machine, and in the process
> upgraded to the newest versions. Everything is running fine, but I have
> noticed that Bayes is not running. Spamassassin --lint successfully ties
> to the bayes databases, but when MailScanner is running bayes is not being
> used. I cannot find any error messages in the logs, to give me a clue
> here.
>
> Suggestions on where I need to look to see why bayes is not running?
>
> Alex Laslavic
> Havertys Tech Services

Alex

make sure you have enough spam and ham in the DB (minimum 200 each!) -
www.fsl.com have a good starter DB if not.

Also make sure the MailScanner user (AS defined at the top of
MailScanner.conf) has write access to the files

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 13 16:09:12 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:52 2006
Subject: Bayes not running
Message-ID:

> I just rebuilt our mailscanner server on a new machine, and
> in the process upgraded to the newest versions. Everything
> is running fine, but I have noticed that Bayes is not
> running. Spamassassin --lint successfully ties to the bayes
> databases, but when MailScanner is running bayes is not being
> used. I cannot find any error messages in the logs, to give
> me a clue here.
>
> Suggestions on where I need to look to see why bayes is not running?
>

Bayes cannot "run", as it's not a process

You won't see any Bayes references in your logs until you've had 200 spam +
200 ham

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From kevinold at gmail.com Mon Sep 13 16:33:53 2004
From: kevinold at gmail.com (Kevin Old)
Date: Thu Jan 12 21:26:52 2006
Subject: SPAM Report - Timed out
Message-ID:

Michael,

It was suggested to me on the Spamassassin list to up the timeout for
Spamassassin to 4 minutes in the MailScanner.conf file.

Also, to check the directory where your bayes database is and see if there
are a lot of files with "expire" in them. If so, you need to do a
sa-learn --force-expire and a sa-learn --rebuild. Then you need to disable
bayes_auto_expire in your local.cf file, and run sa-learn --force-expire
from a daily cronjob.

Hope this helps,
Kevin

On Sun, 12 Sep 2004 18:31:28 -0400, Michael Freeman wrote:
> Ye, can somebody tell us why we are getting these messages all the time?
>
> I had this issue with 4.27 and it drove us nuts. Then it went away
> mysteriously. Today, I upgraded to 4.33 and we are getting these timeout
> messages again with spamassassin.
>
> Please advise as to why.
>
> Thank you.
>
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Martin Hepworth
> Sent: Tuesday, September 07, 2004 11:12 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SPAM Report - Timed out
>
> Mark
>
> had a couple this morning around 10.30 (BST)
>
> normally relates to RBL's timing out for me..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Mark Pottage wrote:
> > Has anyone any ideas on the below?
> >
> > Spam Report Timed Out.
> > > > Systems are running: > > > > SendMail version: ESMTP Sendmail 8.12.6/8.12.6/SuSE Linux 0.6 > > ClamAV version: 0.75 > > BitDefender version: 7.0 build 2492 > > SpamAssassin version: 2.63 > > > > > > Size: 3.3Kb > > Virus: N > > Blocked File: N > > Other Infection: N > > Report: > > Spam: N Action(s): deliver > > High Scoring Spam: N > > Listed in RBL: N > > Whitelisted: N > > Blacklisted: N > > SpamAssassin Spam: N > > SpamAssassin Autolearn: N > > SpamAssassin Score: 0.00 > > Spam Report: timed out > > Archive: > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > -- Kevin Old kevinold@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkettler at EVI-INC.COM Mon Sep 13 16:39:20 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:26:52 2006 Subject: Bayes not running Message-ID: At 10:47 AM 9/13/2004, Alex Laslavic wrote: >I just rebuilt our mailscanner server on a new machine, and in the process >upgraded to the newest versions. Everything is running fine, but I have >noticed that Bayes is not running. Spamassassin --lint successfully ties >to the bayes databases, but when MailScanner is running bayes is not being >used. I cannot find any error messages in the logs, to give me a clue >here. > >Suggestions on where I need to look to see why bayes is not running? Does your spam.assassin.prefs.conf contain a "bayes_path" statement? If so, Mailscanner is going to use that directory, whereas the SA command line tools will use their defaults. I for one find this to be a nuisance, so I've commented out the bayes_path statement in spam.assassin.prefs.conf, and allow my bayes DB's to live in root's home directory. As an alternative you can pass the --dbpath option to sa-learn while training. However, getting the spamassassin command-line tool to recognize the new path without using a site-wide setting in /etc/mail/spamassassin can be tricky. And if you do make it site-wide, you need to make the bayes files world-writable, or ensure no SA tools are ever executed as any user other than root. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 13 16:48:40 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:52 2006 Subject: Bayes not running Message-ID: > I for one find this to be a nuisance, so I've commented out > the bayes_path statement in spam.assassin.prefs.conf, and > allow my bayes DB's to live in root's home directory. That can bit if your root partition isn't very big You should be able to append the directory locations to the command line arguments. Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From tonioli at K2SISTEMAS.COM.BR Mon Sep 13 16:58:13 2004 From: tonioli at K2SISTEMAS.COM.BR (Felipe Tonioli) Date: Thu Jan 12 21:26:52 2006 Subject: Bayes not running Message-ID: If you have everything listed in messages, and just still not running, check if your upgrad did not damaged your bayes. If you copied the old bays and upgrade then to a new version of spamassassin, check if it wasnt damaged. SpamAssassin RC3 just damaged my bayes. Felipe Tonioli > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Matt Kettler > Sent: Monday, September 13, 2004 12:39 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Bayes not running > > > At 10:47 AM 9/13/2004, Alex Laslavic wrote: > >I just rebuilt our mailscanner server on a new machine, and in > the process > >upgraded to the newest versions. Everything is running fine, but I have > >noticed that Bayes is not running. 
Spamassassin --lint successfully ties > >to the bayes databases, but when MailScanner is running bayes is > not being > >used. I cannot find any error messages in the logs, to give me a clue > >here. > > > >Suggestions on where I need to look to see why bayes is not running? > > Does your spam.assassin.prefs.conf contain a "bayes_path" statement? > > If so, Mailscanner is going to use that directory, whereas the SA command > line tools will use their defaults. > > I for one find this to be a nuisance, so I've commented out the bayes_path > statement in spam.assassin.prefs.conf, and allow my bayes DB's to live in > root's home directory. > > As an alternative you can pass the --dbpath option to sa-learn > while training. > > However, getting the spamassassin command-line tool to recognize the new > path without using a site-wide setting in /etc/mail/spamassassin can be > tricky. And if you do make it site-wide, you need to make the bayes files > world-writable, or ensure no SA tools are ever executed as any user other > than root. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.760 / Virus Database: 509 - Release Date: 9/10/2004 > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.760 / Virus Database: 509 - Release Date: 9/10/2004 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mgt at STELLARCORE.NET Mon Sep 13 17:30:31 2004 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:26:52 2006 Subject: Bayes settings Message-ID: I've decided to setup local spam/notspam users to re-train the bayes engine and I've got a question about the Mailscanner.conf settings. Specifically these setttings... Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no By default Rebuild Bayes is off? What is the "suggested" use for this if you are doing "re-training"? And will a hourly cron that excutes sa-learn cause any time-outs? I'm sorry if this has been covered before I did look through the MAQ and the maillist archive. [ Just for more info I've used the perl script posted here, with some modifications for vhosts. I'll post it back when I'm all done... http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html ] -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From eric at GATEWAYCONNECTIONS.COM Mon Sep 13 17:56:09 2004 From: eric at GATEWAYCONNECTIONS.COM (Eric Gregory) Date: Thu Jan 12 21:26:52 2006 Subject: Detailed Virus Statistics Message-ID: Can anyone point me in the right direction to get Detailed virus statistics with ClamAV. I know I'm catching hundreds per day and my stats have Skyrocketed this morning most likely due to the new spybot viruses out but can anyone tell me how I can get a graph of what viruses were caught and how many of each? 
Thanks Eric ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 13 18:18:58 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:52 2006 Subject: Detailed Virus Statistics Message-ID: On Mon, 2004-09-13 at 11:56 -0500, Eric Gregory wrote: > Can anyone point me in the right direction to get Detailed virus > statistics with ClamAV. I know I'm catching hundreds per day and my > stats have Skyrocketed this morning most likely due to the new spybot > viruses out but can anyone tell me how I can get a graph of what viruses > were caught and how many of each? > Have a look at MailWatch (other tools are listed in the MAQ) -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jstuart at EDENPR.K12.MN.US Mon Sep 13 18:39:24 2004 From: jstuart at EDENPR.K12.MN.US (Joe Stuart) Date: Thu Jan 12 21:26:52 2006 Subject: spamassassin rules Message-ID: Is it possible to store custom spamassassin rules in separate files instead of putting them all in the spam.assassin.prefs.conf file? I'm adding rules from rulesemporium.com. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 13 18:42:23 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:52 2006 Subject: spamassassin rules Message-ID: On Mon, 2004-09-13 at 12:39 -0500, Joe Stuart wrote: > Is it possible to store custom spamassassin rules in separate files > instead of putting them all in the spam.assassin.prefs.conf file? I'm > adding rules from rulesemporium.com. > Please refer to the MAQ/FAQ and archive. This has been covered in depth. -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Mon Sep 13 18:42:54 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:52 2006 Subject: spamassassin rules Message-ID: Joe Stuart wrote: > Is it possible to store custom spamassassin rules in separate files > instead of putting them all in the spam.assassin.prefs.conf file? I'm > adding rules from rulesemporium.com. I put my rules in /etc/mail/spamassassin/. Just name the file/s .cf. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From alaslavic at HAVERTYS.COM Mon Sep 13 19:20:07 2004 From: alaslavic at HAVERTYS.COM (Alex Laslavic) Date: Thu Jan 12 21:26:52 2006 Subject: Bayes not running Message-ID: MailScanner mailing list wrote on 09/13/2004 12:58:13 PM: > If you have everything listed in messages, and just still not running, check > if your upgrad did not damaged your bayes. > > If you copied the old bays and upgrade then to a new version of > spamassassin, check if it wasnt damaged. SpamAssassin RC3 just damaged my > bayes. > > Felipe Tonioli > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Matt Kettler > > Sent: Monday, September 13, 2004 12:39 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] Bayes not running > > > > > > At 10:47 AM 9/13/2004, Alex Laslavic wrote: > > >I just rebuilt our mailscanner server on a new machine, and in > > the process > > >upgraded to the newest versions. Everything is running fine, but I have > > >noticed that Bayes is not running. Spamassassin --lint successfully ties > > >to the bayes databases, but when MailScanner is running bayes is > > not being > > >used. I cannot find any error messages in the logs, to give me a clue > > >here. > > > > > >Suggestions on where I need to look to see why bayes is not running? > > > > Does your spam.assassin.prefs.conf contain a "bayes_path" statement? > > > > If so, Mailscanner is going to use that directory, whereas the SA command > > line tools will use their defaults. > > > > I for one find this to be a nuisance, so I've commented out the bayes_path > > statement in spam.assassin.prefs.conf, and allow my bayes DB's to live in > > root's home directory. > > > > As an alternative you can pass the --dbpath option to sa-learn > > while training. > > > > However, getting the spamassassin command-line tool to recognize the new > > path without using a site-wide setting in /etc/mail/spamassassin can be > > tricky. 
And if you do make it site-wide, you need to make the bayes files > > world-writable, or ensure no SA tools are ever executed as any user other > > than root. > > Thanks for all the answers folks. I'm sorta going to try to answer everyones questions in one message. I copied the bayes files from the old server to the new one. It went from SA 2.63 to SA 2.64. spamassassin -C /etc/MailScanner/spam.assassin.prefs.conf -D --lint ties sucessfully to the bayes files, and even puts a bayes score on the test done by --lint. In MailScanner.conf, I have the spamassassin directory set to /mnt/data/spamassassin/bayes. The files and directories are all R/W to the postfix user and group. I also have the bayes path in spam.assassin.prefs.conf set to /mnt/data/spamassassin/bayes/bayes . I guess my real question is, why would bayes be working with a spamassassin -C /etc/MailScanner/spam.assassin.prefs.conf -D --lint, but not when MailScanner is actually running? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From el.baby at gmail.com Mon Sep 13 20:40:39 2004 From: el.baby at gmail.com (Mariano Absatz) Date: Thu Jan 12 21:26:52 2006 Subject: Fwd: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue Message-ID: FYI... I didn't check anything about MailScanner, but I think we're at the mercy of MIME-tools, are we? 
---------- Forwarded message ----------
From: advisories
Date: Mon, 13 Sep 2004 12:40:38 +0100
Subject: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue
To: advisories@corsaire.com

-- Corsaire Security Advisory --

Title: Multiple vendor MIME field multiple occurrence issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal@corsaire.com]
Audience: General distribution
Reference: c030804-002

-- Scope --

The aim of this document is to clearly define a MIME content evasion issue that affects a variety of products including; browsers, proxy servers, email clients, content security gateways and antivirus products.

-- History --

Discovered: 04.08.03 (Martin O'Neal)
CERT/CC notified: 18.08.03
NISCC notified: 24.10.03
Document released: 13.09.04

This advisory has been created from merging Corsaire advisories with references c030804-001, c030806-001 and c030806-002.

-- Overview --

There are a number of content security gateway and antivirus products available that provide policy based security functionality. Part of this functionality allows the products to block embedded file attachments based on their specific content type, such as executables or those containing viruses. However, by using malformed MIME encapsulation techniques centred on the presence of multiple occurrences of fields, this functionality can be evaded.

-- Analysis --

The MIME standards are intended to provide a common mechanism to exchange data between systems and are used extensively by protocols such as HTTP and SMTP. The structure of a MIME message is defined in RFC2045 [1], which in turn makes use of concepts introduced in RFC822 [2] (superseded by RFC2822 [3]). The standards define a range of fields that control how data is encoded within the transport, and how it should be interpreted by the receiving agent.

RFC822 states "This specification permits multiple occurrences of most fields. Except as noted, their interpretation is not specified here, and their use is discouraged."

As usual, this lack of clarity within an RFC has been interpreted in various ways by the assorted vendors. For many products, such as email clients and browsers, this scope for interpretation might only result in some unreliable behaviour. However, for a collection of security products, being unaware of the various ways that the standard has been interpreted can lead to more serious results, as the products may fail to detect a threat within the data stream.

When a receiving agent is presented with a MIME message that contains multiple occurrences of a field, it tends to respond in one of four broad ways:

- It identifies the MIME message as malformed and blocks it.
- It fails to interpret the MIME field (or message).
- It interprets the first occurrence of a field and ignores all those that follow it.
- It interprets the last occurrence of a field and ignores all those that precede it.

The first of the four would be the correct behaviour for a security conscious product, but based on empirical research this is not the common result.

The MIME field multiple occurrence issue has been observed to affect most of the headers, parameters and values defined within the standard.

To use this issue as an attack mechanism, all that is required is to identify a target that has a client agent that interprets the chosen MIME field in a different way to any security products that protect it.

-- Recommendations --

To be effective tools, the security products must not only be able to process encoding techniques implemented as per the relevant standard, but also common misinterpretations and deliberate corruptions.

As an ongoing process, a study project should be undertaken by the vendors to identify applications that routinely decode MIME objects and have a liberal interpretation of the MIME standard.

NISCC have produced a document consolidating a number of vendor statements on these issues [4]. Contact your vendor directly to establish whether you are affected by these issues.

-- Background --

This issue was discovered using a custom SMTP/HTTP vulnerability analysis tool developed by Corsaire's security assessment team. This tool is not available publicly, but is an example of the specialist approach used by Corsaire's consultants as part of a commercial security assessment. To find out more about the cutting edge services provided by Corsaire simply visit our web site at http://www.corsaire.com

-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-1014 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardises names for security problems.

-- References --

[1] http://www.faqs.org/rfcs/rfc2045.html
[2] http://www.faqs.org/rfcs/rfc822.html
[3] http://www.faqs.org/rfcs/rfc2822.html
[4] http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

-- Revision --

a. Initial release.
b. Released.

-- Distribution --

This security advisory may be freely distributed, provided that it remains unaltered and in its original form.

-- Disclaimer --

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Corsaire accepts no responsibility for any damage caused by the use or misuse of this information.

-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research.
A free guide to selecting a security assessment supplier is available at http://www.penetration-testing.com Copyright 2003 Corsaire Limited. All rights reserved. -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Mon Sep 13 20:54:14 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:52 2006 Subject: Fwd: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue Message-ID: Quite a bit of work has been done on this very recently. New version appearing shortly... We are working on it, I'm just trying to get some more sample messages at the moment. At 20:40 13/09/2004, Mariano Absatz wrote: >I didn't check anything about MailScanner, but I think we're at the >mercy of MIME-tools, are we? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
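The behaviour the Corsaire advisory forwarded above calls correct for a security product (treat a message with repeated MIME fields as malformed) can be sketched as follows. This is an added Python example, not MailScanner or MIME-tools code; the function names and the constructed sample message are assumptions made for illustration.

```python
import re

# MIME fields an entity should carry at most once (RFC 2045 header fields).
SINGLETON_FIELDS = ("mime-version", "content-type",
                    "content-transfer-encoding", "content-disposition")
# Matches ;name=value and ;name="quoted value"
PARAM_RE = re.compile(r';\s*([^\s=;]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;\s]*)')
MAX_DEPTH = 20  # refuse absurdly deep multipart nesting instead of recursing


def split_entity(raw):
    """Return ([(lowercased field name, unfolded value), ...], body)."""
    raw = raw.replace("\r\n", "\n")
    if raw.startswith("\n"):                      # empty header block
        return [], raw[1:]
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:   # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers, body


def split_parts(body, boundary):
    """Split a multipart body on one candidate boundary string."""
    parts, current = [], None
    for line in body.split("\n"):
        stripped = line.rstrip()
        if stripped in ("--" + boundary, "--" + boundary + "--"):
            if current is not None:
                parts.append("\n".join(current))
            current = [] if stripped == "--" + boundary else None
        elif current is not None:
            current.append(line)
    if current is not None:          # unterminated last part: still inspect it
        parts.append("\n".join(current))
    return parts


def audit(raw, path="message"):
    """List (location, field, first_value, last_value) for every repeat.

    first_value and last_value are what a first-occurrence reader and a
    last-occurrence reader would each act on, i.e. the disagreement the
    advisory describes.
    """
    if path.count("/") > MAX_DEPTH:
        return [(path, "nesting", "", "too deep")]
    headers, body = split_entity(raw)
    findings, boundaries = [], []
    for field in SINGLETON_FIELDS:
        values = [v for n, v in headers if n == field]
        if len(values) > 1:
            findings.append((path, field, values[0], values[-1]))
        for value in values:
            params = {}
            for key, val in PARAM_RE.findall(value):
                params.setdefault(key.lower(), []).append(val.strip('"'))
            for key, vals in params.items():
                if len(vals) > 1:
                    findings.append((path, field + ";" + key, vals[0], vals[-1]))
                if field == "content-type" and key == "boundary":
                    for v in vals:
                        if v and v not in boundaries:
                            boundaries.append(v)
    # Descend under every boundary any reader might pick, so a part that is
    # only visible under the "other" interpretation is inspected too.
    for boundary in boundaries:
        for index, part in enumerate(split_parts(body, boundary), 1):
            findings.extend(audit(part, "%s/%d" % (path, index)))
    return findings


def verdict(raw):
    """Policy from the advisory's first bullet: malformed means blocked."""
    return "block" if audit(raw) else "pass"


# Constructed sample (not taken from the advisory): the second part repeats
# Content-Type and repeats the filename parameter of Content-Disposition.
SAMPLE = "\r\n".join([
    "From: sender@example.com", "To: user@example.org",
    "Subject: constructed sample", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="outer"', "",
    "--outer", "Content-Type: text/plain", "", "hello",
    "--outer",
    'Content-Type: text/plain; name="report.txt"',
    'Content-Type: application/octet-stream; name="report.bin"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="report.txt"; filename="report.bin"',
    "", "AAAA", "--outer--", "",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(verdict(SAMPLE))
```

Each finding carries both the first and the last occurrence, so a log entry shows what a first-wins scanner and a last-wins mail client would each have seen.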
From el.baby at gmail.com Mon Sep 13 20:58:32 2004 From: el.baby at gmail.com (Mariano Absatz) Date: Thu Jan 12 21:26:52 2006 Subject: Message-ID matching Message-ID: On Fri, 10 Sep 2004 12:45:47 +0800, Mathias Koerber wrote: > Date: Sat, 4 Sep 2004 16:02:30 -0500 > Reply-To: MailScanner mailing list > From: Alex Neuman van der Hans > Subject: Re: Message-ID matching > > > You can try the "bogus virus warnings" SpamAssassin rules. Works pretty > well most of the time. > > That may help some, but I am more after a generic solution which makes > MailScanner remember the Message-IDs of messages sent out, so that replies > that carry these in the references/in-reply-to are scored as much more > likely being genuine than apparent replies which carry unknown Message-IDs. > > any hints? > > All I think would be required is > > a) a hook into MailScanner recording the Message-ID of outgoing messages > (just before handing them back to sendmail) > b) a hook somewhere in the checking routine to check incoming messages > against known Ids (and a way to specify rules how to handle matches/ > non-matches) > c) some form of maintenance tool to purge the DB every now and then > (unless it can be a circular buffer overwriting the oldest entry > when full by itself). > > Secondly, many of the bounces we get are not virus warnings, but bounces > because some virus somewhere sent email to nonexistent users/domains > using a forged from: in our domain. From my cursory inspection the > bogus virus warnings rules do not conver that.. Mmmmhhh you shouldn't get into those waters... 'Memory' is a _very_ dificult thing for a mail server, and if you have more than one mailserver for outgoing and/or incoming mail, then things get really worst. Even though... step b), in your proposal is incomplete... you have to check those incoming messages ID's _ONLY_ for messages that are bounces... not for EVERY incoming message... 
for instance, the Message-Id of this message that has just been 'incoming' to your server (so you can read it now) was completely unknown to your server, that is, it never came out, cause it was generated outside... You could do this check _ONLY_ for messages whose envelope from is empty (SMTP 'MAIL FROM:<>'), but then, there are hundreds of brain damaged mail servers out there that generate bounces and use MAILER-DAEMON@domain or other similar stuff for envelope from (some of them are wrongly configured because other stupid sysadmin before thought that rejecting empty envelope froms would keep spam away... well the chain of stupidity is almost limitless). Then, you should also be sure that all valid mail with a from address in your domain DID pass thru your outgoing MailScanners... maybe a roaming user of your network sends mail from your domain using other SMTP servers... If I were you, I'd give a shot to "bogus virus warnings" SpamAssassin rules from SARE before trying this stuff... -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From el.baby at gmail.com Mon Sep 13 21:33:47 2004 From: el.baby at gmail.com (Mariano Absatz) Date: Thu Jan 12 21:26:52 2006 Subject: Fwd: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue Message-ID: On Mon, 13 Sep 2004 20:54:14 +0100, Julian Field wrote: > Quite a bit of work has been done on this very recently. New version > appearing shortly... > We are working on it, I'm just trying to get some more sample messages at > the moment. 
So, the new version of MIME-tools that the people @MIMEdefang are working on is supposedly solving this stuff? Great to know! > > At 20:40 13/09/2004, Mariano Absatz wrote: > >I didn't check anything about MailScanner, but I think we're at the > >mercy of MIME-tools, are we? > -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com From sastian at OP.PL Mon Sep 13 21:59:35 2004 From: sastian at OP.PL (Sebastian Plosarek) Date: Thu Jan 12 21:26:52 2006 Subject: scan zip files Message-ID: > >What version of MailScanner are you running??? > >I believe this function/option was introcuded in 4.28.5 looking at the >chnagelog... > Martin, My version of MailScanner is pretty old. I'm running 4.23.something.
As far as I can see it would be a good idea to upgrade my installation to a newer one. Should there be no problems with it as long as I stick to the tips given in MAQ at www.mailscanner.info? Should I take any special care about SpamAssassin or is it included in the newest package? Should I backup SpamAssassin's config files? Thanks for any info in advance. Best regards, Sebastian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Mon Sep 13 22:00:19 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:52 2006 Subject: Fwd: [VulnWatch] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue Message-ID: At 21:33 13/09/2004, you wrote: >On Mon, 13 Sep 2004 20:54:14 +0100, Julian Field > wrote: > > Quite a bit of work has been done on this very recently. New version > > appearing shortly... > > We are working on it, I'm just trying to get some more sample messages at > > the moment. >So, the new version of MIME-tools that the people @MIMEdefang are >working on is supposedly solving this stuff? Hey! They aren't the only ones working on it. There's plenty of my code in there too. :o) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From jonas at PIN.SE Mon Sep 13 23:03:36 2004
From: jonas at PIN.SE (Jonas Back)
Date: Thu Jan 12 21:26:52 2006
Subject: Strange corrupted postfix queue file
Message-ID:

Cheers,

I've got Mailscanner 4.33.3-2 and postfix 2.1.4-5 running fine and working very good. Well.. I thought so anyway. I have now found some corrupted messages in /var/spool/postfix/corrupt

I also found this in the syslog:

---
Sep 13 18:30:15 ewash postfix/qmgr[16389]: B1B356C2A5: from=, size=9505, nrcpt=2 (queue active)
Sep 13 18:30:15 ewash postfix/qmgr[16389]: warning: B1B356C2A5: rcpt count mismatch (1)
Sep 13 18:30:16 ewash postfix/smtp[28193]: warning: corrupted queue file: active/B/B1B356C2A5
Sep 13 18:30:16 ewash postfix/smtp[28193]: panic: smtp_rcpt_cleanup: recipient count mismatch: 0+0!=1
Sep 13 18:30:17 ewash postfix/qmgr[16389]: warning: premature end-of-input on private/relay socket while reading input attribute name
Sep 13 18:30:17 ewash postfix/qmgr[16389]: warning: private/relay socket: malformed response
Sep 13 18:30:17 ewash postfix/qmgr[16389]: warning: transport relay failure -- see a previous warning/fatal/panic logfile record for the problem description
Sep 13 18:30:17 ewash postfix/master[16386]: warning: process /usr/lib/postfix/smtp pid 28193 killed by signal 6
Sep 13 18:30:17 ewash postfix/master[16386]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Sep 13 18:30:17 ewash postfix/qmgr[16389]: warning: saving corrupt file "B1B356C2A5" from queue "active" to queue "corrupt"
---

Well.. looking at the corrupted message I understand that postfix complains. It seems like Mailscanner has messed up the message. It looks like a duplicate of the message has been placed in the middle of the message, giving the queue file two envelope records and two message content sections. I can send off one message if it's of any help.

Anyone got an idea why this occurs and how to get around it..
The messages that are stuck are both OK messages and SPAM and with HTML and without so it doesn't seem to have anything to do with the structure of the message... Looking forward to get any input here.. Best Regards, Jonas ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mike at CAMAROSS.NET Tue Sep 14 00:20:15 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: I have 4 Gmail invites if anyone wants them. First 4 to reply get them. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From tonioli at k2sistemas.com.br Tue Sep 14 01:22:53 2004 From: tonioli at k2sistemas.com.br (Felipe Tonioli) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: mine :) *********** REPLY SEPARATOR *********** On 13/09/2004 at 18:20 Mike Kercher wrote: >I have 4 Gmail invites if anyone wants them. First 4 to reply get them. > >Mike > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From james_gray at ocs.com Tue Sep 14 01:42:01 2004 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: On Tue, 14 Sep 2004 09:20 am, Mike Kercher wrote: > I have 4 Gmail invites if anyone wants them. First 4 to reply get them. > > Mike I'll take one :) -- James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mike at CAMAROSS.NET Tue Sep 14 01:49:23 2004 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:26:52 2006 Subject: Gmail Invites Message-ID: Mike Kercher wrote: > I have 4 Gmail invites if anyone wants them. First 4 to reply get > them. > > Mike > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). All gone! I'll post when I have more. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From worker at MOMPOPMEDIA.COM Tue Sep 14 01:53:01 2004 From: worker at MOMPOPMEDIA.COM (Michael Caplan) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: i'm game if there are any left! thanks! 
James Gray wrote: >On Tue, 14 Sep 2004 09:20 am, Mike Kercher wrote: > > >>I have 4 Gmail invites if anyone wants them. First 4 to reply get them. >> >>Mike >> >> > >I'll take one :) > >-- James > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ochanis at NCC.EDU Tue Sep 14 02:14:10 2004 From: ochanis at NCC.EDU (Steve Ochani) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: I'd like one thanks On 13 Sep 2004 at 18:20, Mike Kercher wrote: > I have 4 Gmail invites if anyone wants them. First 4 to reply get them. > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» I never made a mistake in my life. I thought I did once, but I was wrong. -- Lucy Van Pelt Steve O. http://www.steveo.us B17G WWII Bomber "Yankee Lady" Flight http://www.steveo.us/b17ride ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From james_gray at ocs.com Tue Sep 14 02:46:58 2004
From: james_gray at ocs.com (James Gray)
Date: Thu Jan 12 21:26:52 2006
Subject: spamassassin rules
Message-ID:

On Tue, 14 Sep 2004 03:42 am, Peter Bonivart wrote:
> Joe Stuart wrote:
> > Is it possible to store custom spamassassin rules in separate files
> > instead of putting them all in the spam.assassin.prefs.conf file? I'm
> > adding rules from rulesemporium.com.
>
> I put my rules in /etc/mail/spamassassin/. Just name the file/s .cf.
>
> --
> /Peter Bonivart

...and be aware SpamAssassin loads them in alphabetical order based on their file names, eg,

Load order:  File name:
1.           00_z_foo.cf
2.           01_a_bar.cf
3.           1_baz.cf
4.           10_another.cf
5.           Alfalfa.cf (notice capital first letter)
6.           alfalfa.cf
7.           brussel_sprout.cf
...
nn.          zzzz.cf

So if you have a bunch of "meta" rules (or something) that other rules depend on, you might want to consider forcing the load order with preceding the file names with zero-leading padded numbers, like I did above in the first 2 examples. Have a look at Spamassassin's default rules for a better example :)

Cheers,
James

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk Tue Sep 14 08:43:32 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: Strange corrupted postfix queue file
Message-ID:

At 23:03 13/09/2004, you wrote:
>Cheers,
>
>I've got Mailscanner 4.33.3-2 and postfix 2.1.4-5 running fine and working
>very good. Well.. I thought so anyway.
> >I have now found some corrupted messages in /var/spool/postfix/corrupt Please try the attached patch. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). [ Part 2, Application/OCTET-STREAM (Name: "PFDiskStore.pm.patch") ] [ 1.1KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 14 08:51:48 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: I've got 6 gmail invites. Pop me an email offlist if you want one. Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Tue Sep 14 08:52:00 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:52 2006 Subject: Debugging SA SURBL Message-ID: Hi all! Received another one line + image spam mail. 
The header as created by MS+SA says this:

X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6,
        BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30,
        HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS 1.47,
        MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22)

Which does not mention any SURBL.

When I do a lookup on http://www.rulesemporium.com/cgi-bin/uribl.cgi

I get this:

peachcasino.com is 62.73.174.136 [ rbl lookup ]
domain registered: ..............: Mon, Jul 14, 2003 [ full whois ]

* URIBL: ws.surbl.org: listed [Blocked, See: http://www.stearns.org/sa-blacklist/]
* URIBL: sc.surbl.org: not listed
* URIBL: ob.surbl.org: not listed
* URIBL: multi.surbl.org: listed [Blocked, peachcasino.com on lists [ws], See: http://www.surbl.org/lists.html]
* URIBL: ab.surbl.org: not listed

I thought SA 3 (rc4) was using combined SURBL lists so this should have come up? Any ideas why this didn't come up blacklisted?

(Extremely annoying btw that it is not possible to put the output of spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf though | less or more), I can never read the top bit....) URI is working on some mails.

Thx!!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From mike.norton at JOBSITE.CO.UK Tue Sep 14 08:58:57 2004 From: mike.norton at JOBSITE.CO.UK (Mike Norton) Date: Thu Jan 12 21:26:52 2006 Subject: Per Account Blacklisting Message-ID: Is there anyway with MailScanner to blacklist on a per User basis e.g Block mails coming from blah@whatever.com to myaccount@myserver.com and allowing it to be sent anotheraccount@myserver.com Thanks Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Tue Sep 14 08:59:56 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:52 2006 Subject: Fwd: SpamAssassin 3.0.0-rc5 RELEASED Message-ID: The noble guys at SpamAssassin have released another "release candidate". I have just updated the ClamAV-and-SA installer at http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >*** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3.0.0 RELEASE *** > >SpamAssassin 3.0.0-rc5 is released! SpamAssassin 3.0.0 is a major update >and includes a number of new email and anti-spam technologies. >Downloading >----------- > >Pick it up from: > > http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.tar.gz > http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.tar.bz2 > http://spamassassin.apache.org/released/Mail-SpamAssassin-3.0.0-rc5.zip -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Tue Sep 14 09:05:34 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:52 2006 Subject: scan zip files Message-ID: Sebastian should be pretty straight forward... backups *always* advisable before making changes... SA is not part of MS and should be upgraded separately...you prob want to do one at a time and have some testing period before doing the 2nd one. IE take is nice and slow, no big bang approach. If you are upgrading SA from <2.60 be aware the bayes database format chnaged from 2.5x to 2.6x -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Sebastian Plosarek wrote: >>What version of MailScanner are you running??? >> >>I believe this function/option was introcuded in 4.28.5 looking at the >>chnagelog... >> > > > > Martin, > > My version of MailScanner is pretty old. I'm running 4.23.something. > As far as I can see it would be a good idea to upgrade my installation to a > newer one. Should there be no problems with it as long as I stick to the > tips given in MAQ at www.mailscanner.info? > Should I take any special care about SpamAssassin or is it included in the > newest package? Should I backup SpamAssassin's config files? > > Thanks for any info in advance. > > Best regards, > Sebastian ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. 
********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Tue Sep 14 09:07:37 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:52 2006 Subject: Debugging SA SURBL Message-ID: Remco would be better asking this on the SA-users or surb users lists??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Remco Barendse wrote: > Hi all! > > Received another one line + image spam mail. The header as created by > MS+SA says this: > > X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6, > BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, > HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS > 1.47, > MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22) > > Which does not mention any SURBL. > > When I do a lookup on http://www.rulesemporium.com/cgi-bin/uribl.cgi > > I get this: > > peachcasino.com is 62.73.174.136 [ rbl lookup ] > domain registered: ..............: Mon, Jul 14, 2003 [ full whois ] > > * URIBL: ws.surbl.org: listed [Blocked, See: > http://www.stearns.org/sa-blacklist/] > * URIBL: sc.surbl.org: not listed > * URIBL: ob.surbl.org: not listed > * URIBL: multi.surbl.org: listed [Blocked, peachcasino.com on lists > [ws], See: http://www.surbl.org/lists.html] > * URIBL: ab.surbl.org: not listed > > > I thought SA 3 (rc4) was using combined SURBL lists so this should have > come up? Any ideas why this didn't come up blacklisted? 
> > (Extremely annoying btw that it is not possible to put the output of > spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf though > | less or more), I can never read the top bit....) URI is working on some > mails. > > > Thx!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Tue Sep 14 09:13:48 2004 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:52 2006 Subject: OT: Gmail Invites Message-ID: On Tue, Sep 14, 2004 at 08:51:48AM +0100, Michele Neylon :: Blacknight Solutions wrote: > I've got 6 gmail invites. Pop me an email offlist if you want one. Ugh. Half the lists I'm on have turned into gmail invite clearing houses. Can we please avoid this here? -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Tue Sep 14 09:15:56 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:52 2006 Subject: Per Account Blacklisting Message-ID: Mike should be able to do this with rules - have a look in the examples directory, the MAQ/FAQ or the online docs for the MailScanner.conf settings. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Norton wrote: > Is there anyway with MailScanner to blacklist on a per User basis > > e.g Block mails coming from blah@whatever.com to myaccount@myserver.com and allowing it to be sent anotheraccount@myserver.com > > Thanks > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From mynamewasgone at gmail.com Tue Sep 14 09:27:52 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:52 2006
Subject: Debugging SA SURBL
Message-ID:

On Tue, 14 Sep 2004 09:52:00 +0200, Remco Barendse wrote:
> (Extremely annoying btw that it is not possible to put the output of
> spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf though
> | less or more), I can never read the top bit....) URI is working on some
> mails.

Hi, why don't you redirect stderr?

spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf 2>&1 | less

will redirect stderr to stdout and pipe that to less. Or you could run

spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf 2>lintoutput.txt

Regards,

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

From mailscanner at ecs.soton.ac.uk Tue Sep 14 09:31:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: Per Account Blacklisting
Message-ID:

Please read CustomConfig.pm, there is code in there to do what you want. It's fairly well commented to get you started.

At 08:58 14/09/2004, you wrote:
>Is there anyway with MailScanner to blacklist on a per User basis
>
>e.g Block mails coming from blah@whatever.com to myaccount@myserver.com
>and allowing it to be sent anotheraccount@myserver.com
>
>Thanks
>
>Mike
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
-- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From gaborv at KIG.HU Tue Sep 14 09:55:14 2004 From: gaborv at KIG.HU ([iso-8859-2] Veszprémi Gábor) Date: Thu Jan 12 21:26:52 2006 Subject: Report if .EXE found, but keep quiet on .SCR Message-ID: Hello, On my Debian Linux system, EXE, SCR and other executables are blocked. I want to set up MailScanner to work differently on some file types. 1. I would like to block EXEs, and report this blocking to the recipient, the sender and the postmaster. Attachment should be quarantined. (it works now) 2. I would like to block SCRs, but keep quiet, neither them nor the postmaster should get a report, and MailScanner shouldn't use the quarantine, only delete this attachment. I read about using rules like "allow" and "deny" in the filename.rules.conf file, there is no "deny-but-not-report", because reporting and quarantine is configurable only in mailscanner.conf, and it is system-wide. Is there a solution? How can I set up this? Thank you in advance: GaborV ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Tue Sep 14 10:13:53 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:52 2006 Subject: MailScanner: Buy The Book! Message-ID: Yes, you read it right, there is now a MailScanner book. 
It is a user guide, administration guide, and a training manual. The user and administration guide is written by Steve Swaney of Fortress Systems Ltd, and I have written the training manual. The training manual describes exactly what MailScanner does, in horrifying detail, so should give you a very good idea of how the different components of the system interact. It is accurate as of version MailScanner version 4.32. It is priced at a very reasonable $39.95 (about £23 in the UK). You can buy it from here: http://www.cafepress.com/mailscanner2,mailscanner.13170076 But feel free to look around the rest of the MailScanner store at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
From listas at VIRUSATTACK.COM.AR Tue Sep 14 10:32:34 2004 From: listas at VIRUSATTACK.COM.AR (Ignacio M. Sbampato) Date: Thu Jan 12 21:26:52 2006 Subject: MailScanner 4.33.3-1 & NOD32 2.04-1 Message-ID: Any answer? :-\ ----- Original Message ----- From: "Ignacio M. Sbampato" To: Sent: Wednesday, September 08, 2004 1:21 AM Subject: MailScanner 4.33.3-1 & NOD32 2.04-1 > Guys, > > i'm having some troubles with latest version of NOD32 & MailScanner (fresh > install). MailScanner is running and processing emails (according to logs > and emails headers) and it's running NOD32 (according to nod32.log - i > modified nod32-wrapper to write in the log with param --log) but the virus > aren't detected (subjet isn't being modified with {VIRUS?}text) or deleted > from messages. > > I'm using NOD32 2.04-1 (latest), so i configured MailScanner.conf to use > nod32-1.99 as Virus Scanner. Virus Scanning is turned on. > > I noted some differences between current nod32.log and the one was generated > by previous versions of NOD32 (like the first 1.99). Now, NOD32 is > generating log file as following: > > --------> cut <--------- > > Signatures database module, version 1.864 (20040907). > Archives support module, version 1.019 (20040823). > Advanced heuristics module, version 1.010 (20040902).
> > Command line: --log --arch --all > > Scanning started on 09-08-2004, 06:09:29 > object="file", > name="/var/spool/MailScanner/incoming/2699/BB75C1B819A/your_letter.pif", > virus="Win32/Netsky.D worm", action="", info="", lines=0 > > Scanning finished at 06:09:29, total time: 0 sec (0:00:00) > Total files: 3 > Infected files: 1 > Cleaned files: 0 > > --------> cut <--------- > > Could be this the problem? > > According to 'man nod32' command, the return codes of NOD32 on-demmand > scanner (/usr/sbin/nod32) are the following: > > --------> cut <--------- > > 0 - Everything ok, no viruses found. > 1 - All viruses were cleaned. > 10 - At least one virus was found. > 100 - Internal error occurred, no scanning performed. > 101 - Error occurred during archives unpacking, no scanning > performed. > > --------> cut <--------- > > Are those the return codes expected by MailScanner? > > The following is some information extracted from 'maillog' related to > previous message NOD32 scanning result: > > --------> cut <--------- > > Sep 8 06:09:28 melkart MailScanner[2699]: New Batch: Scanning 1 messages, > 26347 bytes > Sep 8 06:09:29 melkart MailScanner[2699]: Virus and Content Scanning: > Starting > Sep 8 06:09:29 melkart postfix/smtpd[4111]: connect from > unknown[192.168.0.18] > Sep 8 06:09:29 melkart MailScanner[2699]: Requeue: BB75C1B819A to > D5A311B819D > Sep 8 06:09:29 melkart postfix/qmgr[2648]: D5A311B819D: > from=, size=25914, nrcpt=4 (queue active) > Sep 8 06:09:29 melkart MailScanner[2699]: Uninfected: Delivered 1 messages > Sep 8 06:09:29 melkart postfix/smtpd[4111]: 6C3411B819A: > client=unknown[192.168.0.18] > Sep 8 06:09:29 melkart postfix/local[4123]: D5A311B819D: > to=, relay=local, delay=1, status=sent (delivered to > command: /usr/local/bin/maildrop) > > --------> cut <--------- > > If anyone can help, it'll great =) > > Regards, > > Ignacio > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email 
jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From raymond at PROLOCATION.NET Tue Sep 14 10:46:01 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:26:52 2006 Subject: Debugging SA SURBL Message-ID: Hi! > Received another one line + image spam mail. The header as created by > MS+SA says this: > > X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6, > BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, > HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS > 1.47, > MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22) > > Which does not mention any SURBL. > > When I do a lookup on http://www.rulesemporium.com/cgi-bin/uribl.cgi > > peachcasino.com is 62.73.174.136 [ rbl lookup ] > domain registered: ..............: Mon, Jul 14, 2003 [ full whois ] Was the domain mentioned in the body of the mail, or a sending header? The checks done in SA3 are inside body, and also with a certain pattern, it has to have http and so on. We are talking on the SA dev list to get that last behaviour changed btw. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
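A model of the behaviour Raymond describes in the message above, where body text is only checked against SURBL when it matches a URI pattern ("it has to have http"). This is an added example, not SpamAssassin's code and not from any poster: the two regexes, the short TLD list and the last-two-labels reduction are assumptions, while the domain and the multi.surbl.org zone are the ones named in the thread.

```python
import re

SURBL_ZONE = "multi.surbl.org"  # combined list named in the thread

# Model of a strict extractor: a host counts only when a scheme precedes it.
# Assumption: a simplified stand-in, not SpamAssassin's actual pattern.
STRICT = re.compile(r"https?://((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Model of a looser extractor: the scheme is optional, so bare "domain.tld"
# and "www.domain.tld" are picked up too. The short TLD list (an assumption)
# keeps ordinary words and file names from matching; the lookbehind skips
# the host part of e-mail addresses.
LOOSE = re.compile(
    r"(?<![@\w.-])(?:https?://)?"
    r"((?:[a-z0-9-]+\.)+(?:com|net|org|info|biz))(?![\w-])",
    re.I,
)


def registered_domain(host):
    """Reduce a host name to the form that is looked up in the list.

    Assumption: the last two labels are the registered domain, which is
    wrong for names under two-level suffixes such as co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def surbl_query_names(body, pattern):
    """Return the sorted DNS names a checker would query for this body."""
    domains = {registered_domain(m.group(1)) for m in pattern.finditer(body)}
    return sorted(f"{d}.{SURBL_ZONE}" for d in domains)


def missed_by_strict(body):
    """Names the loose extractor would query but the strict one never sees."""
    strict = set(surbl_query_names(body, STRICT))
    return [n for n in surbl_query_names(body, LOOSE) if n not in strict]


# Constructed one-line bodies covering the three forms asked about in the
# thread (bare domain, www.domain, http://www.domain) plus an e-mail address.
SAMPLES = {
    "bare": "peachcasino.com\n",
    "www": "www.peachcasino.com\n",
    "scheme": "http://www.peachcasino.com/\n",
    "address": "Reply to someone@mail.example.org\n",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:8} strict={surbl_query_names(body, STRICT)} "
              f"loose={surbl_query_names(body, LOOSE)}")
```

No DNS query is made; the script only shows which names each extractor would hand to the resolver, so a listed domain that appears without a scheme yields no lookup at all under the strict model.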
From mailscanner at BARENDSE.TO Tue Sep 14 10:59:45 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:52 2006 Subject: Debugging SA SURBL Message-ID: On Tue, 14 Sep 2004, Raymond Dijkxhoorn wrote: > Hi! > >> Received another one line + image spam mail. The header as created by >> MS+SA says this: >> >> X-gw-MailScanner-SpamCheck: spam, SpamAssassin (score=7.982, required 6, >> BAYES_99 1.89, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, >> HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_BASE64_BLANKS >> 1.47, >> MPART_ALT_DIFF 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22) >> >> Which does not mention any SURBL. >> >> When I do a lookup on http://www.rulesemporium.com/cgi-bin/uribl.cgi > >> >> peachcasino.com is 62.73.174.136 [ rbl lookup ] >> domain registered: ..............: Mon, Jul 14, 2003 [ full whois ] > > Was the domain mentioned in the body of the mail, or a sending header? > The checks done in SA3 are inside body, and also with a certain pattern, > it has to have http and so on. The domain was mentioned in the body, so it should have been caught I guess.... The domain was the only line in the e-mail. Thanx! > We are talking on the SA dev list to get that last behaviour changed btw. > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From raymond at PROLOCATION.NET Tue Sep 14 11:02:42 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:52 2006
Subject: Debugging SA SURBL
Message-ID:

Hi!

>>> peachcasino.com is 62.73.174.136 [ rbl lookup ]
>>> domain registered: ..............: Mon, Jul 14, 2003 [ full whois ]

>> Was the domain mentioned in the body of the mail, or a sending header?
>> The checks done in SA3 are inside body, and also with a certain pattern,
>> it has to have http and so on.
>
> The domain was mentioned in the body, so it should have been caught I
> guess.... The domain was the only line in the e-mail.

Question remains, how was it listed, just the domain, or www.domain or
http://www.domain

Could also be it was added after you got the mail, so perhaps a timing
issue. Most of the time ;) we add the domains after receiving spam, not
before.

Bye,
Raymond,

From wm at META.NET Tue Sep 14 11:12:03 2004
From: wm at META.NET (Michael Weis)
Date: Thu Jan 12 21:26:52 2006
Subject: mailscanner and apple-mails
Message-ID:

Hi,

when my apple-users send an email with an attachment
mailscanner says:
cant analyze email,

The corresponding entry in the syslog of the mailserver (running
CommuniGatePro 3.5.2) says:
--------MailScanner[26397]: Cannot parse /var/spool/MailScanner/incoming/26397/32413.header and ,
--------

I found out, that the apple-mail-clients break down emails with one or
more attachments into several more attachments (59 in the current email)
but I'm not sure if this is the reason why mailscanner couldn't analyze.

I know that there is an entry in the Mailscanner.conf-file where you can
set the max-number of attachments, but I think this isn't the right way
to solve the problem.

Here are my software-revisions:
mailscanner V. 4.25.14
spamassassin 2.63
SuSE Linux 7.3
perl 5 5.6.1

TIA
Greetings
Michael

PS I really really searched the mailscanner-archives and google and and
for a problem like this it seems that this has never happened (can't
believe)

From mailscanner at ecs.soton.ac.uk Tue Sep 14 11:22:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: Report if .EXE found, but keep quiet on .SCR
Message-ID:

"deny+delete" should do what you want.

At 09:55 14/09/2004, you wrote:
>1. I would like to block EXEs, and report this blocking to the recipient,
>the sender and the postmaster. Attachment should be quarantined. (it works
>now)
>
>2. I would like to block SCRs, but keep quiet, neither them nor the
>postmaster should get a report, and MailScanner shouldn't use the
>quarantine, only delete this attachment.
>
>I read about using rules like "allow" and "deny" in the filename.rules.conf
>file, there is no "deny-but-not-report", because reporting and quarantine is
>configurable only in mailscanner.conf, and it is system-wide.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Tue Sep 14 12:06:04 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: mailscanner and apple-mails
Message-ID:

You need to configure your Apple mail clients so that they do not fragment
large attachments.

At 11:12 14/09/2004, you wrote:
>when my apple-users send an email with an attachment
>mailscanner says:
>cant analyze email,
>
>The corresponding entry in the syslog of the mailserver (running
>CommuniGatePro 3.5.2)
>says:
>I found out, that the apple-mail-clients break down emails with one or
>more attachments
>into several more attachments (59 in the current email)

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 14 12:14:29 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:52 2006
Subject: MailScanner: Buy The Book!
Message-ID:

MailScanner mailing list wrote:
> Yes, you read it right, there is now a MailScanner book.
>
> It is a user guide, administration guide, and a training
> manual. The user and administration guide is written by Steve
> Swaney of Fortress Systems Ltd, and I have written the
> training manual.
>
> The training manual describes exactly what MailScanner does,
> in horrifying detail, so should give you a very good idea of
> how the different components of the system interact.
>
> It is accurate as of version MailScanner version 4.32.
>
> It is priced at a very reasonable $39.95 (about £23 in the UK).
>
> You can buy it from here:
> http://www.cafepress.com/mailscanner2,mailscanner.13170076
>
> But feel free to look around the rest of the MailScanner
> store at http://www.mailscanner.info/store

Excellent! I ordered a copy for us just now.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From suporte at SETINET.COM.BR Tue Sep 14 12:15:41 2004
From: suporte at SETINET.COM.BR (Dennis Robert Kelbert)
Date: Thu Jan 12 21:26:52 2006
Subject: Sintax Error with Qmail options
Message-ID:

MailScanner-install-4.33.3
 
I install Mailscanner and I use Qmail.
When I start it, I have many errors like DEFUNCT with "ps ax".
Then I read about using it with qmail, and turned a line in MailScanner.conf ON (the qmail hash directories),
but I have other errors about it.
What can I do?
 
 
Thanks
 
------------------------------
Sep 14 08:08:22 internet MailScanner[20136]: Syntax error(s) in configuration file:
Sep 14 08:08:22 internet MailScanner[20136]: Unrecognised keyword "qmailhashdirectorynumber" at line 117
Sep 14 08:08:22 internet MailScanner[20136]: Unrecognised keyword "qmailintdhashnumber" at line 122
Sep 14 08:08:22 internet MailScanner[20136]: Aborting due to syntax errors in /opt/MailScanner/etc/MailScanner.conf.
Sep 14 08:08:22 internet MailScanner[20136]: Using locktype = flock
Sep 14 08:08:29 internet qmailq: Process did not exit cleanly, returned 9 with signal 0
Sep 14 08:08:30 internet MailScanner[20150]: MailScanner E-Mail Virus Scanner version 4.33.3 starting...
Sep 14 08:08:31 internet MailScanner[20150]: MailScanner child caught a SIGHUP
------------------------------
 
 
 
 
From mailscanner at ecs.soton.ac.uk Tue Sep 14 13:41:56 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: Sintax Error with Qmail options
Message-ID:

Contact the folks at opencomputing.sourceforge.net for help with the qmail
support. Probably your best bet.

At 12:15 14/09/2004, you wrote:
>MailScanner-install-4.33.3
>
>I install Mailscanner and i use Qmail.
>When i start it, i have many errors like DEFUNCT with "ps ax"
>Then i read about use it with qmail, and turn a line into MailScanner.conf
>ON, (the qmail hash directories)
>but i have other errors about.
>What i can do?
>
>
>Thanks
>
>------------------------------
>Sep 14 08:08:22 internet MailScanner[20136]: Syntax error(s) in
>configuration file:
>Sep 14 08:08:22 internet MailScanner[20136]: Unrecognised keyword
>"qmailhashdirectorynumber" at line 117
>Sep 14 08:08:22 internet MailScanner[20136]: Unrecognised keyword
>"qmailintdhashnumber" at line 122
>Sep 14 08:08:22 internet MailScanner[20136]: Aborting due to syntax errors
>in /opt/MailScanner/etc/MailScanner.conf.
>Sep 14 08:08:22 internet MailScanner[20136]: Using locktype = flock
>Sep 14 08:08:29 internet qmailq: Process did not exit cleanly, returned 9
>with signal 0
>Sep 14 08:08:30 internet MailScanner[20150]: MailScanner E-Mail Virus
>Scanner version 4.33.3 starting...
>Sep 14 08:08:31 internet MailScanner[20150]: MailScanner child caught a SIGHUP
>------------------------------

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rob at THEHOSTMASTERS.COM Tue Sep 14 14:16:29 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:52 2006
Subject: Damm mortage and software spam
Message-ID:

I keep getting spam from mortgage and software sales.....
 
Anyone have a tip for not letting these guys through?
 
I can send headers, but last 2 times I did my email never got through to the list, I guess cuz the mail server thought it was spam..
 
:)
 
MS 4.28
SA.2.63
using surbl.org
 
Thanks

Rob....
 

 
From mailscanner at ecs.soton.ac.uk Tue Sep 14 15:11:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:52 2006
Subject: MailScanner 4.33.3-1 & NOD32 2.04-1
Message-ID:

The wonderful folks at NOD32 have gone and completely changed their output
format, yet again. They must have teams of people just dedicated to
changing stuff.

Please try the attached patch to SweepViruses.pm.

At 10:32 14/09/2004, you wrote:
>Any answer? :-\
>
>----- Original Message -----
>From: "Ignacio M. Sbampato"
>To:
>Sent: Wednesday, September 08, 2004 1:21 AM
>Subject: MailScanner 4.33.3-1 & NOD32 2.04-1
>
>
> > Guys,
> >
> > i'm having some troubles with latest version of NOD32 & MailScanner (fresh
> > install). MailScanner is running and processing emails (according to logs
> > and emails headers) and it's running NOD32 (according to nod32.log - i
> > modified nod32-wrapper to write in the log with param --log) but the virus
> > aren't detected (subject isn't being modified with {VIRUS?}text) or deleted
> > from messages.
> >
> > I'm using NOD32 2.04-1 (latest), so i configured MailScanner.conf to use
> > nod32-1.99 as Virus Scanner. Virus Scanning is turned on.
> >
> > I noted some differences between current nod32.log and the one was generated
> > by previous versions of NOD32 (like the first 1.99). Now, NOD32 is
> > generating log file as following:
> >
> > --------> cut <---------
> >
> > Signatures database module, version 1.864 (20040907).
> > Archives support module, version 1.019 (20040823).
> > Advanced heuristics module, version 1.010 (20040902).
> >
> > Command line: --log --arch --all
> >
> > Scanning started on 09-08-2004, 06:09:29
> > object="file",
> > name="/var/spool/MailScanner/incoming/2699/BB75C1B819A/your_letter.pif",
> > virus="Win32/Netsky.D worm", action="", info="", lines=0
> >
> > Scanning finished at 06:09:29, total time: 0 sec (0:00:00)
> > Total files: 3
> > Infected files: 1
> > Cleaned files: 0
> >
> > --------> cut <---------
> >
> > Could be this the problem?
> >
> > According to 'man nod32' command, the return codes of NOD32 on-demand
> > scanner (/usr/sbin/nod32) are the following:
> >
> > --------> cut <---------
> >
> > 0 - Everything ok, no viruses found.
> > 1 - All viruses were cleaned.
> > 10 - At least one virus was found.
> > 100 - Internal error occurred, no scanning performed.
> > 101 - Error occurred during archives unpacking, no scanning
> > performed.
> >
> > --------> cut <---------
> >
> > Are those the return codes expected by MailScanner?
> >
> > The following is some information extracted from 'maillog' related to
> > previous message NOD32 scanning result:
> >
> > --------> cut <---------
> >
> > Sep 8 06:09:28 melkart MailScanner[2699]: New Batch: Scanning 1 messages,
> > 26347 bytes
> > Sep 8 06:09:29 melkart MailScanner[2699]: Virus and Content Scanning:
> > Starting
> > Sep 8 06:09:29 melkart postfix/smtpd[4111]: connect from
> > unknown[192.168.0.18]
> > Sep 8 06:09:29 melkart MailScanner[2699]: Requeue: BB75C1B819A to
> > D5A311B819D
> > Sep 8 06:09:29 melkart postfix/qmgr[2648]: D5A311B819D:
> > from=, size=25914, nrcpt=4 (queue active)
> > Sep 8 06:09:29 melkart MailScanner[2699]: Uninfected: Delivered 1 messages
> > Sep 8 06:09:29 melkart postfix/smtpd[4111]: 6C3411B819A:
> > client=unknown[192.168.0.18]
> > Sep 8 06:09:29 melkart postfix/local[4123]: D5A311B819D:
> > to=, relay=local, delay=1, status=sent (delivered to
> > command: /usr/local/bin/maildrop)
> >
> > --------> cut <---------
> >
> > If anyone can help, it'll great =)
> >
> > Regards,
> >
> > Ignacio

[ Part 2, Application/OCTET-STREAM (Name: "SweepViruses.pm.patch") ] [ 1.3KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ]

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From gaborv at KIG.HU Tue Sep 14 15:56:42 2004
From: gaborv at KIG.HU (Veszprémi Gábor)
Date: Thu Jan 12 21:26:52 2006
Subject: Report if .EXE ... versions
Message-ID:

Hello,

> "deny+delete" should do what you want.
>
> >I read about using rules like "allow" and "deny" in the filename.rules.conf
> >file, there is no "deny-but-not-report", because reporting and quarantine is
> >configurable only in mailscanner.conf, and it is system-wide.

Thank you, it is exactly that I was looking for, but I still have a problem.

I've found this "deny+delete" in the latest version of MailScanner, but I
have a stable debian with MailScanner version 3.13.2-4. This old one
doesn't contain this rule.

I tried to install that 4.33.3-2 version (from a testing .deb package) but
the install procedure exits with an error while processing the pre-install
script, executing a "db_get" command. This command doesn't exist in my
system. I have read the dependency info of this debian package, but I have
not found anything missing.

Is it possible to install the new MailScanner version onto a stable debian?
If it is possible, what should I read to find out what the problem is with
this pre-install script.

GaborV

From mgt at STELLARCORE.NET Tue Sep 14 16:30:07 2004
From: mgt at STELLARCORE.NET (Mike Tremaine)
Date: Thu Jan 12 21:26:52 2006
Subject: Bayes settings
Message-ID:

On Mon, 2004-09-13 at 09:30, Mike Tremaine wrote:
> I've decided to setup local spam/notspam users to re-train the bayes
> engine and I've got a question about the Mailscanner.conf settings.
>
> Specifically these settings...
>
> Rebuild Bayes Every = 0
>
> Wait During Bayes Rebuild = no
>
> By default Rebuild Bayes is off? What is the "suggested" use for this if
> you are doing "re-training"? And will a hourly cron that executes
> sa-learn cause any time-outs?

I guess I should add that the host I want to do this on is a mail gateway
which gets between 25000 - 40000 emails per day [quad pentium pro 200/ 1 gb
ram]. I read in another thread that the Rebuild Bayes Every = x may also be
tied into the restart Mailscanner every x. So my question is still what is
the suggested setting for this [given these conditions], and what are the
benefits for leaving it disabled as opposed to setting it?

Thanks again for your time.

--
Mike Tremaine
mgt@stellarcore.net
http://www.stellarcore.net

From admin at thenamegame.com Tue Sep 14 18:05:20 2004
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:26:52 2006
Subject: MailScanner 4.33.3-1 And Issues with Exim
Message-ID:

The attachment you sent could not be read. The file that was installed
after I upgraded was called MailScanner.rpmsave and that file only has two
lines in it. I did not do a rpm -e mailscanner prior to upgrading, I simply
upgraded over the top of my existing installation. The rpmsave files were
created and I simply copied them over the existing ones before that I did
look at all my files. I need to know what the /etc/sysconfig/MailScanner
file is supposed to look like.

Thanks

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Monday, September 13, 2004 4:01 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner 4.33.3-1 And Issues with Exim

At 01:23 13/09/2004, you wrote:
>The format of this file has changed. When I look at
>/etc/sysconfig/MailScanner.conf.rpmsave all I see in there is this;

The file in /etc/sysconfig is not called MailScanner.conf, it is just
called MailScanner. The rpmsave file is what was left over after you last
did "rpm -e mailscanner". The potential new file is .rpmnew and your
current file is just called MailScanner.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michael at dilworth.net Tue Sep 14 19:59:54 2004
From: michael at dilworth.net (Michael R. Dilworth (E-mail))
Date: Thu Jan 12 21:26:52 2006
Subject: Spam Quarantine report by user? (DONE!)
Message-ID:

It's finished and semi tested (first live/auto run tonight).

It is a modified version of the mailscanner perl script for logwatch.
It sends email each user with a summary of his/her messages placed in
the quarantine, aka:

Score: 8.064 id:i8E3gNTK012624
From: "fredda torres"
Subject: Be Young Again ....

If anyone would like it let me know and I will pass it on.
(note I'll wait until tomorrow just to be sure it works)

It's a bit of a hack, and definitely could use improvement, but it works...

How it works:

requirements:
logwatch (later version with mailscanner included)
linux 'date' aka date -d yesterday
Mail::Mailer
File::Find

It Scans yesterdays quarantine generating a list of all messages and a
list of users and their totals. From the current logwatch processing it
creates a list of Message ID's and their scores and saves them in
/var/spool/mailscanner/quarantine/'date'/scores.log
it then loops through each user and the messages creating an email
message with the score/id/from/subject.

Note it uses the current scores and loading the score file from yesterday
to handle the four hours between midnight and 4am when cron runs.

Michael...

From ree at THUNDERSTAR.NET Tue Sep 14 20:22:52 2004
From: ree at THUNDERSTAR.NET (Ron E.)
Date: Thu Jan 12 21:26:52 2006
Subject: SA 3 rc5 timeout pattern
Message-ID:

Just wondering if anyone else is seeing anything similar --

I am running Sa 3 rc 3/4/5 with the default MailScanner RBLs & Bayes. A few
times now I have noticed a pattern of SA timeouts spaced about 5 minutes
apart. The oddity is how regular the pattern is. I tried lengthening the SA
timeout but that seemed to only slow down the mail flow. In any case, the
last time this happened a restart of MailScanner seemed to break this
timeout pattern. Last time I ran MailScanner in debug mode I did not see
any specific point of timeout.

Any ideas would be of interest.

From spamfilter2 at MUPP.NET Tue Sep 14 20:23:11 2004
From: spamfilter2 at MUPP.NET (j2)
Date: Thu Jan 12 21:26:53 2006
Subject: Allow extensions in zips?
Message-ID:

I'm sorry if this is a FAQ.. I _have_ RTFM.. but I might be stupid and/or blind.
 
exe/com/scr/other files get rejected, which is nice. But I would like to allow them if they are in an archive, but still scan them for viruses, and reject if contaminated. Is that possible?
From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 14 20:43:58 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions) Date: Thu Jan 12 21:26:53 2006 Subject: Allow extensions in zips? Message-ID: On Tue, 2004-09-14 at 21:23 +0200, j2 wrote: > I'm sorry if this is a FAQ.. i _have_ RTFM.. but i might be stupid > and/or blind. > > exe/com/scr/other files gets rejected which is nice. But i would like > to allow them if they are in an archive, but still scan them for > viruses, and reject if contaminated. Is that possible? What have you set the scan depth to on archives? -- Mr Michele Neylon Blacknight Solutions http://www.blacknight.ie 059 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ugob at CAMO-ROUTE.COM Tue Sep 14 20:51:54 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:53 2006 Subject: Allow extensions in zips? Message-ID: j2 wrote: > I'm sorry if this is a FAQ.. i _have_ RTFM.. but i might be stupid > and/or blind. Just set the archive depth setting to 0 and it will do exactly what you want. > > exe/com/scr/other files gets rejected which is nice. But i would like to > allow them if they are in an archive, but still scan them for viruses, > and reject if contaminated. Is that possible? > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From spamfilter2 at MUPP.NET Tue Sep 14 21:30:44 2004 From: spamfilter2 at MUPP.NET (j2) Date: Thu Jan 12 21:26:53 2006 Subject: Allow extensions in zips? Message-ID: > Just set the archive depth setting to 0 and it will do exactly what you > want. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ochanis at ncc.edu Wed Sep 15 02:08:34 2004 From: ochanis at ncc.edu (Steve Ochani) Date: Thu Jan 12 21:26:53 2006 Subject: OT: Gmail Invites Message-ID: On 14 Sep 2004 at 8:51, Michele Neylon :: Blacknight wrote: > I've got 6 gmail invites. Pop me an email offlist if you want one. Don't you mean SMTP you an email :-) sorry, couldn't resist > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» Education is what remains after one has forgotten everything he learned in school. -Albert Einstein Steve O. http://www.steveo.us B17G WWII Bomber "Yankee Lady" Flight I took http://www.steveo.us/b17ride SUNY NCC Physical Sciences Dept. Network Admin SUNY NCC MATH/COMPUTER Unix Admin http://www.matcmp.ncc.edu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From myeasytech at YAHOO.COM.HK Wed Sep 15 02:57:44 2004 From: myeasytech at YAHOO.COM.HK (hkbyte) Date: Thu Jan 12 21:26:53 2006 Subject: MailScanner: Buy The Book! Message-ID: Julian Field wrote: > Yes, you read it right, there is now a MailScanner book. > > It is a user guide, administration guide, and a training manual. The > user and administration guide is written by Steve Swaney of Fortress > Systems Ltd, and I have written the training manual. > > The training manual describes exactly what MailScanner does, in > horrifying detail, so should give you a very good idea of how the > different components of the system interact. > > It is accurate as of version MailScanner version 4.32. > > It is priced at a very reasonable $39.95 (about £23 in the UK). > > You can buy it from here: > http://www.cafepress.com/mailscanner2,mailscanner.13170076 > > But feel free to look around the rest of the MailScanner store at > http://www.mailscanner.info/store Can I have the table of content of the book. I can't find it in the above site. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From forrie at FORRIE.COM Wed Sep 15 08:21:15 2004 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:26:53 2006 Subject: MailScanner insecurity with Postfix Message-ID: Someone recently mentioned on the postfix-users list that Mailscanner is not secure to run with Postfix. I can't recal whom this was, but perhaps someone here could comment on this? 

From mailscanner at ecs.soton.ac.uk Wed Sep 15 08:49:23 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner: Buy The Book!
Message-ID:

At 02:57 15/09/2004, you wrote:
>Can I have the table of content of the book. I can't find it in the above
>site.

Chapter Introduction ... 7
  A Brief History of MailScanner ... 7
  How MailScanner Works ... 7
2 Chapter Planning the Installation ... 13
  System Requirements ... 13
  Firewall and Network Requirements ... 14
  Installing Red Hat Enterprise Linux ... 14
  Installing the Message Transfer Agent ... 15
  Installing sendmail ... 15
  Installing Exim ... 15
  Installing Postfix ... 15
  Installing MailScanner ... 15
  Installing SpamAssassin ... 16
3 Chapter MailScanner Configuration ... 19
  MailScanner Files ... 19
  Getting Started with MailScanner Configuration ... 20
  Before you start ... 20
  MailScanner.conf Parameters ... 21
  General settings ... 21
  System Settings ... 22
  Incoming Work Dir Settings ... 23
  Quarantine and Archive Settings ... 24
  Processing Incoming Mail ... 25
  Virus Scanning and Vulnerability Testing ... 28
  Options specific to Sophos Anti-Virus ... 31
  Options specific to ClamAV Anti-Virus ... 32
  Removing/Logging dangerous or potentially offensive content ... 32
  Attachment Filename Checking ... 35
  Reports and Responses ... 36
  Changes to Message Headers ... 39
  Notifications back to the senders of blocked messages ... 42
  Changes to the Subject: line ... 43
  Changes to the Message Body ... 45
  Mail Archiving and Monitoring ... 46
  Notices to System Administrators ... 46
  Spam Detection and Virus Scanner Definitions ... 47
  Spam Detection and Spam Lists (DNS blocklists) ... 48
  SpamAssassin ... 50
  What to do with spam ... 53
  Logging ... 56
  Advanced SpamAssassin Settings ... 57
  Advanced Settings ... 58
4 Chapter SpamAssassin Configuration ... 63
  spam.assassin.prefs.conf ... 64
  SpamAssassin and DNS ... 64
  White and Black Listing ... 64
  Bayesian Filtering ... 65
  Network Checks ... 66
  Adding SpamAssassin Rules ... 67
  Changing SpamAssassin Rule Scores ... 68
  SpamAssassin SURBL rules ... 68
5 Chapter Advanced Configuration via Rulesets ... 71
  Ruleset Formats ... 71
  Direction ... 71
  Pattern ... 72
  Result ... 73
6 Chapter Related Applications ... 75
  MailWatch for MailScanner ... 75
  MailScanner Webmin Module ... 76
  Vispan ... 76
  MailScanner-mrtg ... 76
  phplistadmin ... 77
  Network Spam Checks ... 77
  DCC ... 77
  Razor ... 77
  http://razor.sourceforge.net/ ... 78
  Pyzor ... 78
  Tuning ... 79
  Trouble shooting ... 80
  Getting Help ... 80
AppendixA Installing Red Hat Enterprise Linux ... 83
AppendixB Installing Third Party Virus Scanners ... 85
AppendixC Practical Ruleset Examples ... 89
  Spam Black List ... 89
  Only Sign Outgoing Messages ... 89
  Use Different Signatures for Different Domains ... 90
  Only Virus Scan Some Domains ... 90
  Send System Administrator Notices to Several People ... 90
  Scan for spam only from certain domains ... 91
  Filename and Filetype Checking for Specified Domains ... 92
AppendixD Upgrading MailScanner (rpm Version) ... 95
  The Upgrade ... 95
  Upgrading Mailscanner.conf ... 95
  Installing .rpmnew files ... 96

1 Training Introduction ... 101
2 Email Message Structure ... 105
3 The Mail Delivery Process ... 111
4 MailScanner: What It Does ... 117
5 Detailed Analysis ... 123
  5.1 Child Processes ... 129
  5.2 Spam Checking ... 135
  5.3 Spam Actions ... 159
  5.4 Attachment Extraction ... 171
  5.5 Attachment Checks ... 181
  5.6 Virus Scanning ... 203
  5.7 HTML Checks ... 213
  5.8 Quarantine & Modifying Messages ... 223
  5.9 Silent & Non-Forging Viruses ... 245
  5.10 Message Responses ... 253
  5.11 Macro-virus Disinfection ... 261
6 Administration ... 269
7 Configuration ... 279
  7.1 Rulesets ... 285
  7.2 Custom Functions ... 297
  7.3 Internationalisation & Reports ... 305
  7.4 Directory Structure ... 309
  7.5 Startup and Shutdown ... 315
8 Charity Support ... 327

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 15 08:51:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner insecurity with Postfix
Message-ID:

At 08:21 15/09/2004, you wrote:
>Someone recently mentioned on the postfix-users list that Mailscanner is
>not secure to run with Postfix. I can't recal whom this was, but
>perhaps someone here could comment on this?

The Postfix author doesn't like MailScanner, as I dared to use his software
in a way he hadn't intended.
This has been discussed many times in the past, there will be mentions in
the archives.

Though the "not secure" tends to imply that at least they have gotten over
their rant about "it doesn't work" when quite plainly it does.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From davidj at synaq.com Wed Sep 15 09:15:37 2004
From: davidj at synaq.com (David Jacobson)
Date: Thu Jan 12 21:26:53 2006
Subject: OT: Gmail Invites
Message-ID:

Yes Please :)

On Tue, 2004-09-14 at 01:20, Mike Kercher wrote:
> I have 4 Gmail invites if anyone wants them. First 4 to reply get them.
>
> Mike
--
Regards,

David Jacobson
Technical Director
SYNAQ (PTY) LTD
Tel: 011 290 6388
Cell: 083 235 0760
Mail: davidj@synaq.com
WWW: http://www.synaq.com

From drew at THEMARSHALLS.CO.UK Wed Sep 15 09:20:43 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner insecurity with Postfix
Message-ID:

On Wed, September 15, 2004 8:21, Forrest Aldrich said:
> Someone recently mentioned on the postfix-users list that Mailscanner is
> not secure to run with Postfix. I can't recal whom this was, but
> perhaps someone here could comment on this?
>

Having run MS with Postfix now for as long as it's been available (Can't
remember exactly but at least 12 months and more like 18) and some of that
on some very old kit, I can say that not only does it work but stability
and security (Of data) are great.
I have had all sorts of hardware failures (CPU, RAM, HDD) and the one thing
that I could rely on was that once the crashed hardware was fixed (With the
exception of the HDD, which shattered making data recovery more
difficult!), life went on as if nothing had happened. No message loss or
corruption. Even when half my network was not working properly, mail still
was delivered with only a slight increase in the spam levels due to RBL
lookups failing.

Personally, MailScanner works with Postfix and works well. It's a shame
that the Postfix development team won't recognise MS fully and work to make
the software combination better as they share a common theme of constant
development with very active creators and authors, well documented and easy
to configure config files and a desire to make the best and most secure
software available.

Regards

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 15 09:37:00 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:53 2006
Subject: Damm mortage and software spam
Message-ID:

What extra rules have you got installed for Spamassassin?

A lot of the SARE rules in www.rulesemporium.com should cover this sort
of spam...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> I keep getting spam from mortgage and software sales.....
>
> Anyone have a tip for not letting these guys through?
>
> I can send headers, but last 2 times I did my email never got through to
> the list, I guess cuz the mail server thought it was spam..
>
> :)
>
> MS 4.28
> SA.2.63
> using /surbl.org/
> //
> /Thanks/
>
> Rob....
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 15 09:42:10 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:53 2006
Subject: OT - more filetype problems
Message-ID:

All

Well no sooner does Julian update the 'dodgey' file types according to
M$ list than do M$ have a problem with jpegs (!)..

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

includes not only IE, but w2k, Office, works(!), Visio, Project...

hope everyone has an automated patch distribution system...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From john at TRADOC.FR Wed Sep 15 10:12:29 2004
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:26:53 2006
Subject: OT - more filetype problems
Message-ID:

On Wed, 15 Sep 2004 09:42:10 +0100, Martin Hepworth wrote:
> Well no sooner does Julian update the 'dodgey' file types according to
> M$ list than do M$ have a problem with jpegs (!)..
>
> http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
>
> includes not only IE, but w2k, Office, works(!), Visio, Project...

And worse still (hidden in the FAQ section of the bulletin), a note that
even after applying all MS's recommended updates you may still be
vulnerable due to third party software using old versions of
gdiplus.dll!

John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From mailscanner at ecs.soton.ac.uk Wed Sep 15 10:31:09 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

I have just released a new beta version, 4.34.2.

This version contains the new MIME-Base64 and MIME-tools packages, so you
will definitely need to run the install scripts, and not just copy over the
new MailScanner code. This version of MailScanner will *not* work securely
with older versions of the MIME-tools or MIME-Base64 packages.

The Change Log currently looks like this:

* New Features and Improvements *
- Updated the Qmail support. See opencomputing.sf.net for more info on
  Qmail.
- Changed default supplied values for a few settings. This will have no
  effect on upgraded installations, but will improve resource use for new
  installations, such as not quarantining silent viruses which is pretty
  much a waste of disk space and i/o load.
- Added POSIX back-compatibility switches to scripts wanting to use "tail".
- Added "Remove These Headers" setting to allow arbitrary headers, such as
  delivery receipt requests, to be removed from mail.
- Implemented MCP support for SpamAssassin 3.0.0.
- Published packages for RPM and non-RPM systems to install ClamAV and
  SpamAssassin 3.
- Adapted code to run with MIME-tools 5.412.
- Removed most of the MIME-tools version checks as the new code doesn't
  specify versions for its components.
- Added a load more optional modules to the version number list so we get
  all the modules required by SpamAssassin 3 and Mail::ClamAV.
- Added MIME-tools 5.412 and MIME-Base64 3.03. You must have 3.01 or newer
  now.
- Updated Catalan reports.
- Added support for NOD32 2.04.

* Fixes *
- Fixed another Postfix perl buffering error on a few OS's.
- Added remaining MCP definitions to languages.conf files.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Wed Sep 15 10:52:17 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:53 2006
Subject: OT - more filetype problems
Message-ID:

John

snigger - DLL hell...

I wonder if they've got this sorted yet - ie how to manage libraries - in
Longwait^H^H^H^Hhorn yet?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

John Wilcock wrote:
> On Wed, 15 Sep 2004 09:42:10 +0100, Martin Hepworth wrote:
>
>>Well no sooner does Julian update the 'dodgey' file types according to
>>M$ list than do M$ have a problem with jpegs (!)..
>>
>>http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
>>
>>includes not only IE, but w2k, Office, works(!), Visio, Project...
>
>
> And worse still (hidden in the FAQ section of the bulletin), a note that
> even after applying all MS's recommended updates you may still be
> vulnerable due to third party software using old versions of
> gdiplus.dll!
>
> John.
>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From michele at blacknightsolutions.com Wed Sep 15 11:27:20 2004
From: michele at blacknightsolutions.com (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: [MAILSCANNER] ANNOUNCE: Beta 4.34.2
Message-ID:

Julian

Any chance of you making available online a "clean" copy of
MailScanner.conf, even as a text file?

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From Mathias.Koerber at LIGHTSPEED.COM.SG Wed Sep 15 12:41:47 2004
From: Mathias.Koerber at LIGHTSPEED.COM.SG (Mathias Koerber)
Date: Thu Jan 12 21:26:53 2006
Subject: Archive rules: sequence and negation?
Message-ID:

HI,

I would like to solicit further information on the rules, especially
those used for Archiving email.

1. How do I negate a condition?

Will this work to keep a copy of mail for all outgoing email?

From: user@localdomain and ! To: @localdomain /backup

How does the system decide whether a mail is intended for a user?

Assume:
 To: user1@localdomain, user2@localdomain
 Cc: user3:localdomain
 Bcc: user4@localdomain

and the following rules:

To: user1@localdomain /user1
To: user2@localdomain /user2
To: user3@localdomain /user3
To: user4@localdomain /user4

which rule(s) will be applied? If all, how can I tell it to stop
processing rules?

thanks and regards

--
Mathias Körber
mathias@lightspeed.com.sg

From mailscanner at ecs.soton.ac.uk Wed Sep 15 13:52:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: Archive rules: sequence and negation?
Message-ID:

At 12:41 15/09/2004, you wrote:
>HI,
>
>I would like to solicit further information on the rules, especially
>those used for Archiving email.
>
>1. How to I negate a condition?

You can't at the moment, sorry.

>How does the system decide whether a mail is intended for a user?
>
>Assume:
> To: user1@localdomain, user2@localdomain
> Cc: user3:localdomain
> Bcc: user4@localdomain
>
>and the following rules:
>
>To: user1@localdomain /user1
>To: user2@localdomain /user2
>To: user3@localdomain /user3
>To: user4@localdomain /user4
>
>which rule(s) will be applied? If all, how can I tell it to stop
>processing rules?

Most of the rules match on a "first match" basis, but there are some that
work on an "all matches" basis.
If you take a look in ConfigDefs.pl, it is all defined there in a fairly
simple structure.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rob at THEHOSTMASTERS.COM Wed Sep 15 14:04:19 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:53 2006
Subject: Damm mortage and software spam
Message-ID:

Thanks, I am not using them, I will add some stuff though... thanks....

Rob....

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Wednesday, September 15, 2004 4:37 AM
Subject: Re: Damm mortage and software spam

> What extra rules have you got installed for Spamassassin?
>
> alot of the SARE rules in www.rulesemporium.com should cover this sort
> of spam...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Rob wrote:
>> I keep getting spam from mortgage and software sales.....
>>
>> Anyone have a tip for not letting these guys through?
>>
>> I can send headers, but last 2 times I did my email never got through to
>> the list, I guess cuz the mail server thought it was spam..
>>
>> :)
>>
>> MS 4.28
>> SA.2.63
>> using /surbl.org/
>> //
>> /Thanks/
>>
>> Rob....
>>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>

From jeff at IMAGE-SRC.COM Wed Sep 15 14:47:08 2004
From: jeff at IMAGE-SRC.COM (Jeff Graves)
Date: Thu Jan 12 21:26:53 2006
Subject: filename rules inside of an archive
Message-ID:

You're right. I tested it again. Works as expected...

Jeff Graves, MCSA
Customer Support Engineer
Image Source, Inc.
10 Mill Street
Bellingham, MA 02019

508.966.5200 - Phone
508.966.5170 - Fax
jeff@image-src.com - Email
www.image-src.com

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Friday, September 10, 2004 6:39 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: filename rules inside of an archive

At 19:33 09/09/2004, you wrote:
>I thought that setting it to 0 would also turn off virus checking...

No, the archive will still have its content checked for viruses.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From smlists at SHAW.CA Wed Sep 15 14:49:35 2004
From: smlists at SHAW.CA (Steve Mason)
Date: Thu Jan 12 21:26:53 2006
Subject: Damm mortage and software spam
Message-ID:

I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the software messages.
I haven't seen any mortgage messages yet...

Steve

>I keep getting spam from mortgage and software sales.....
>Anyone have a tip for not letting these guys through?
>I can send headers, but last 2 times I did my email never got through to the list, I
>guess cuz the mail server thought it was spam..
>Rob....

From jaearick at COLBY.EDU Wed Sep 15 15:30:54 2004
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:53 2006
Subject: smtptrapd for fake secondary MX
Message-ID:

Gang,

I am experimenting with the use of smtptrapd (http://smtptrapd.inodes.org/) on a box that has been declared as a secondary MX for our domain.
The idea here is that spambots that gravitate to higher MX servers go to smtptrapd and get tmpfail rejected, instead of going to our real primary MX and clogging up our mailer software. There was an article about this code in a recent issue of SysAdmin magazine.

I've got it installed and working for our domain, and I'm watching the syslogging. And I'm waiting for the phone to ring with complaints. Anybody else tried this approach?

Jeff Earickson
Colby College

From rob at THEHOSTMASTERS.COM Wed Sep 15 15:42:34 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:53 2006
Subject: Damm mortage and software spam
Message-ID:

I do not see these rules on www.rulesemporium.com where are they?

And after I added rules from www.rulesemporium.com I still get these irritating emails with subject "your meeting on" and it has just a graphic and a remove link URGH!

Rob....

----- Original Message -----
From: "Steve Mason"
To:
Sent: Wednesday, September 15, 2004 9:49 AM
Subject: Re: Damm mortage and software spam

> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
> software messages.
> I haven't seen any mortgage messages yet...
>
> Steve
>
>>I keep getting spam from mortgage and software sales.....
>>Anyone have a tip for not letting these guys through?
>>I can send headers, but last 2 times I did my email never got through to
>>the list, I >guess cuz the mail server thought it was spam..
>
>>Rob....
From davidb at UNIQUEPHOTO.COM Wed Sep 15 16:11:58 2004
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

I am new to mailscanner, and SA.

Anyway I have been playing with both, and have had some mail marked as spam. There is still a lot getting through.

From what I can tell my spam.list.conf needs some changes. (I think I need to add more URLs for spam searches.) Right now it looks like this:

ORDB-RBL relays.ordb.org.
spamcop.net bl.spamcop.net.
spamhaus.org sbl.spamhaus.org

What are other good ones to add???

David Ballengee
IT Supervisor
Unique Photo
(973) 377-5555 x259

From lars+lister.mailscanner at ADVENTURAS.NO Wed Sep 15 16:23:12 2004
From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen)
Date: Thu Jan 12 21:26:53 2006
Subject: perl trouble
Message-ID:

Hi!

In the process of trying to migrate to freebsd, I have installed mailscanner from port. But when starting mailscanner, it returns the following messages:

# /usr/local/etc/rc.d/mailscanner.sh start
Starting MailScanner...
Can't locate object method "SWASHNEW" via package "utf8" (perhaps you forgot to load "utf8"?) at /usr/local/lib/perl5/site_perl/5.6.1/MIME/Parser/Filer.pm line 362.
Compilation failed in require at /usr/local/lib/perl5/site_perl/5.6.1/MIME/Parser.pm line 152.
BEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.6.1/MIME/Parser.pm line 152.
Compilation failed in require at /usr/local/lib/MailScanner/MailScanner/MCPMessage.pm line 40.
BEGIN failed--compilation aborted at /usr/local/lib/MailScanner/MailScanner/MCPMessage.pm line 40.
Compilation failed in require at /usr/local/libexec/MailScanner/MailScanner line 51.
BEGIN failed--compilation aborted at /usr/local/libexec/MailScanner/MailScanner line 51.
#

Can someone tell what makes this happen?

My setup is like this:
freebsd 5.2.1
perl-5.6.1_15 from port
sendmail+tls+sasl2-8.13.1 from port
MailScanner-4.33.3 from port
p5-Mail-SpamAssassin-2.64 from port
and so on...

--
Lars

----------------------------------------------------------------
The mail.adventuras.no service was provided by Adventuras Web Agency
http://www.adventuras.no/

From tonioli at gmail.com Wed Sep 15 16:25:04 2004
From: tonioli at gmail.com (Felipe Tonioli)
Date: Thu Jan 12 21:26:53 2006
Subject: Spam List, I doubt
Message-ID:

Hi All,

I have a doubt. In my Mailscanner.conf I have:

Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)

It means that only

ORDB-RBL relays.ordb.org.
SBL+XBL sbl-xbl.spamhaus.org.

are used for checks?

If I want to use spamcop.net I will need to include it in:

Spam List = ORDB-RBL SBL+XBL spamcop.net

or others that are defined in spam.list.conf?

best regards,
Felipe Tonioli
From mailscanner at ecs.soton.ac.uk Wed Sep 15 16:29:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

The spam.lists.conf file defines the mapping from "Spam List" name in MailScanner.conf to DNS domain name. The one you should definitely add to this list is
SBL+XBL sbl-xbl.spamhaus.org

and then in MailScanner.conf, use this:
Spam List = ORDB-RBL SBL+XBL

I would recommend not using spamcop.net for outright tagging, it has too many false positives. It works well in a well-balanced (e.g. default) SpamAssassin setup though.

At 16:11 15/09/2004, you wrote:
>I am new to mailscanner, and SA.
>
>Anyway I have been playing with both, and have had some mail marked as spam.
>There is still alot getting through.
>
>
>From what I can tell my spam.list.conf needs some changes.(I think I need to
>add more url's for spam searches. right now it looks like this
>
>ORDB-RBL relays.ordb.org.
>spamcop.net bl.spamcop.net.
>spamhaus.org sbl.spamhaus.org
>
>
>what are other good ones to add???

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 16:33:34 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

> I am new to mailscanner, and SA.
>
> Anyway I have been playing with both, and have had some mail marked
> as spam. There is still alot getting through.
>
>> From what I can tell my spam.list.conf needs some changes.(I think I
>> need to
> add more url's for spam searches. right now it looks like this
>
> ORDB-RBL relays.ordb.org.
> spamcop.net bl.spamcop.net.
> spamhaus.org sbl.spamhaus.org
>
>
> what are other good ones to add???

I think you have misunderstood how things work.

I would highly recommend you read either the manual or have a look through the MAQ etc.,

You probably need to add in a few custom rulesets and SURBL

You DO NOT want to add lines in spam.list.conf as that won't have any direct effect on your system's effectiveness and would only be of use if you were blocking based on DNS lists - something I would dissuade you from doing.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 16:35:59 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

> The spam.lists.conf file defines the mapping from "Spam List"
> name in MailScanner.conf to DNS domain name. The one you
> should definitely add to this list is
> SBL+XBL sbl-xbl.spamhaus.org
>
> and then in MailScanner.conf, use this:
> Spam List = ORDB-RBL SBL+XBL
> I would recommend not using spamcop.net for outright tagging,
> it has too many false positives. It works well in a
> well-balanced (e.g. default) SpamAssassin setup though.
Although I would agree about spamcop I would tend to disagree with the use of SBL+XBL directly in MailScanner.conf

I ran a little test on one of our servers the other day for a laugh.

The test was totally random and not that scientific, but of the 20 odd emails that had been scored on spamhaus I found that at least 2 of them should not have been blocked outright

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at ecs.soton.ac.uk Wed Sep 15 16:45:43 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: Spam List, I doubt
Message-ID:

At 16:25 15/09/2004, you wrote:
>Hi All,
>
>I have a doubt. in my Mailscanner.conf i have :
>
>Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)
>
>its means that only
>
>ORDB-RBL relays.ordb.org.
>SBL+XBL sbl-xbl.spamhaus.org.
>
>are used for checks ?

Correct.

> if i want to use spamcop.net i will need to
>include it in :
>
>Spam List = ORDB-RBL SBL+XBL spamcop.net
>
>or others that are defined in spam.list.conf ?

Correct.
The "spam.lists.conf" file just contains the definitions of the nicknames used in the "Spam List =" setting in MailScanner.conf.

As a general rule, I wouldn't use more than 2 domains in "Spam List =" as it will affect your system's speed. If you want to do more than 1 or perhaps 2, then you should use them via SpamAssassin. "spamcop.net" is a particularly good case for this as it tends to deliver more false positives than any other list I've seen. A smallish score in SpamAssassin is the right thing for spamcop.net.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rurqueta at MUNILASERENA.CL Wed Sep 15 17:05:59 2004
From: rurqueta at MUNILASERENA.CL (Raul Urqueta S)
Date: Thu Jan 12 21:26:53 2006
Subject: consulta...
Message-ID:

 

How do I fill in these fields in Webmin under Red Hat 9, with MailScanner 4.32.5-1?

Thanks,

raul.-

 

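The nickname-to-zone mapping discussed in the "Spam List, I doubt" and "spam getting through." threads, as an added example (not MailScanner's own code and not written by any poster): a Python sketch that resolves which DNS zones a "Spam List =" line activates, flags nicknames missing from spam.lists.conf, and builds the name a DNSBL lookup asks DNS for. The sample files, the function names and the two-list threshold are assumptions built from lines quoted in the thread; only the literal list form of the setting is handled.

```python
import ipaddress

# Constructed sample files, modelled on the lines quoted in the thread.
SPAM_LISTS_CONF = """\
# nickname        DNS zone
ORDB-RBL          relays.ordb.org.
spamcop.net       bl.spamcop.net.
SBL+XBL           sbl-xbl.spamhaus.org.
"""

MAILSCANNER_CONF = """\
Spam Checks = yes
Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk)
"""

# Assumption: encodes the "no more than 2 domains" rule of thumb from the thread.
MAX_DIRECT_LISTS = 2


def _strip_comment(line):
    """Drop a trailing '# ...' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_spam_lists(text):
    """Return {nickname: zone} from spam.lists.conf-style text."""
    zones = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'nickname zone', got {raw!r}")
        nickname, zone = fields
        # Normalise: the trailing dot only marks the zone as fully qualified.
        zones[nickname] = zone.rstrip(".").lower()
    return zones


def parse_spam_list_setting(text):
    """Return the nicknames on the 'Spam List =' line.

    Assumption of this sketch: if the key appears twice, the last one is used.
    """
    names = []
    for raw in text.splitlines():
        key, sep, value = _strip_comment(raw).partition("=")
        if sep and " ".join(key.split()).lower() == "spam list":
            names = value.split()
    return names


def audit(conf_text, lists_text):
    """Resolve active nicknames to zones and collect configuration warnings."""
    zones = parse_spam_lists(lists_text)
    names = parse_spam_list_setting(conf_text)
    active = {n: zones[n] for n in names if n in zones}
    warnings = [
        f"'{n}' is named in Spam List but not defined in spam.lists.conf"
        for n in names
        if n not in zones
    ]
    if len(active) > MAX_DIRECT_LISTS:
        warnings.append(
            f"{len(active)} lists tag mail outright; a hit on any one marks the "
            "message as spam, so consider scoring the extras in SpamAssassin"
        )
    return active, warnings


def dnsbl_query_name(ip, zone):
    """Build the DNS name an IPv4 DNSBL lookup asks for: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


if __name__ == "__main__":
    active, warnings = audit(MAILSCANNER_CONF, SPAM_LISTS_CONF)
    for nickname, zone in active.items():
        # 192.0.2.10 is a documentation address (RFC 5737), used as sample input.
        print(f"{nickname:10} -> {dnsbl_query_name('192.0.2.10', zone)}")
    for warning in warnings:
        print("WARNING:", warning)
```
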
From rich at MAIL.WVNET.EDU Wed Sep 15 17:06:32 2004
From: rich at MAIL.WVNET.EDU (Richard Lynch)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:

>>The spam.lists.conf file defines the mapping from "Spam List"
>>name in MailScanner.conf to DNS domain name. The one you
>>should definitely add to this list is
>>SBL+XBL sbl-xbl.spamhaus.org
>>
>>and then in MailScanner.conf, use this:
>>Spam List = ORDB-RBL SBL+XBL
>>I would recommend not using spamcop.net for outright tagging,
>>it has too many false positives. It works well in a
>>well-balanced (e.g. default) SpamAssassin setup though.
>>
>>
>Although I would agree about spamcop I would tend to disagree with the use
>of SBL+XBL directly in MailScanner.conf
>
>I ran a little test on one of our servers the other day for a laugh.
>
>The test was totally random and not that scientific, but of the 20 odd
>emails that had been scored on spamhaus I found that at least 2 of them
>should not have been blocked outright
>
>
>

I ended up totally disabling RBLs in MailScanner and letting SpamAssassin do it. I just didn't like RBLs having that much authority. That is, a hit in a RBL makes the message spam, period. In SpamAssassin it just contributes to the score so a RBL hit isn't enough, by itself, to cause a rejection -- yet, being in a RBL still means something. But, different sites have different requirements so I understand people using RBLs in MS directly.

-- Rich --
From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 17:15:15 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

> I ended up totally disabling RBLs in MailScanner and letting
> Spamassassin do it. I just didn't like RBLs having that much
> authority. That is, a hit in a RBL makes the message spam,
> period. In SpamAssissin it just contributes to the score so
> a RBL hit isn't enough, by itself, to cause a rejection --
> yet, being in a RBL still means something. But, different
> sites have different requirements so I understand people using RBLs
> in MS directly.

Of course. The problem is more acute with people who see RBLs as being this "magical" solution and end up regretting it :)

From our experience I can safely say that if I cut off a website the client *may* complain, but they might not notice for hours or even days. If I screw with their mail they'll be on the phone to us in 5 minutes.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From KGoods at AIAINSURANCE.COM Wed Sep 15 17:37:10 2004
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

Michele Neylon :: Blacknight Solutions scribbled on Wednesday, September 15, 2004 8:36 AM:

<*snip*>

> Although I would agree about spamcop I would tend to disagree
> with the use
> of SBL+XBL directly in MailScanner.conf
>
> I ran a little test on one of our servers the other day for a laugh.
>
> The test was totally random and not that scientific, but of the 20 odd
> emails that had been scored on spamhaus I found that at least 2 of
> them should not have been blocked outright
>

Michele,
You'd be horrified then to learn that I use SBL+XBL in sendmail before it even hits MailScanner. It's been this way since May of this year and I've not received one complaint. I process 3-8k messages a day for 25 users and 75%+ of that is spam, let's say an average of 3375 spams a day. SBL+XBL through sendmail rejects about 60% of those, or say an average of 2025 spams. This is 2025 messages that do not have to be processed by MS, SA, and ClamAV greatly reducing the load on the server. It is, after all, a lowly P233 with only 196MB of memory. :)

Of course this is how it works for me and I couldn't recommend it for everyone. As you said, you need to test which I did extensively before I went this route. (Watched it carefully for two weeks with no false positives here.)

I can only say what works for me, YMMV, but anyone experiencing load problems should at least take a look at how SBL+XBL performs in their environment and *consider* (carefully) using SBL+XBL at the MTA.

IOW... "SBL+XBL been bery bery good to me" - Chico Carrasquel :)

SBL+XBL and SURBL catch the vast majority of the spams we get here with MailScanner's content blocker pulling its weight as well.

Kind regards,
Ken

Ken Goods
Network Administrator
AIA Insurance, Inc.
From Kevin at MICA.NET Wed Sep 15 17:47:03 2004
From: Kevin at MICA.NET (Kevin Hanser)
Date: Thu Jan 12 21:26:53 2006
Subject: Msre v0.2 available
Message-ID:

I have just finished up some changes to msre (MailScanner Ruleset Editor) and uploaded v0.2 to SourceForge. As always, you can get the latest version from msre.sourceforge.net.

I have tested this out on my own systems and everything seems to be working good. This is still BETA software however, and may contain bugs, etc, etc, etc. Let me know if anyone finds any problems, or if you find this useful, or if there's something you'd like added, etc...

k

v0.2 includes the following changes:
-----------------------------------------

tracker item #979955 A way to disable rules

Instead of just deleting rules, you can now disable them as well. The delete checkbox has been replaced with a drop-down select box that will allow you to disable active rules, or enable deactivated ones. The drop down can also be used to delete rules. When a rule is disabled, it shows up "greyed out", and cannot be edited until you enable it again.

tracker item #1006091 Get rid of the "service" references

any references to the RedHat/Fedora specific "service" command have been replaced with /etc/init.d references instead. /etc/init.d should work on a wider variety of systems besides redhat/fedora. If there's other systems that this will not work on, please send me an email with the proper command for your distro, and I will try to implement it in a future release.

From hermit921 at YAHOO.COM Wed Sep 15 18:05:16 2004
From: hermit921 at YAHOO.COM (hermit921)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

At 09:37 AM 9/15/2004, Ken Goods wrote:
>Michele Neylon :: Blacknight Solutions scribbled on Wednesday, September 15,
>2004 8:36 AM:
>
><*snip*>
>
> > Although I would agree about spamcop I would tend to disagree
> > with the use
> > of SBL+XBL directly in MailScanner.conf
> >
> > I ran a little test on one of our servers the other day for a laugh.
> >
> > The test was totally random and not that scientific, but of the 20 odd
> > emails that had been scored on spamhaus I found that at least 2 of
> > them should not have been blocked outright
> >
>
>Michele,
>You'd be horrified then to learn that I use SBL+XBL in sendmail before it
>even hits MailScanner. It's been this way since May of this year and I've
>not received one complaint. I process 3-8k messages a day for 25 users and
>75%+ of that is spam, lets say an average of 3375 spams a day. SBL+XBL
>through sendmail rejects about 60% of those, or say an average of 2025
>spams. This is 2025 messages that do not have to be processed by MS, SA, and
>ClamAV greatly reducing the load on the server.
>
>I can only say what works for me, YMMV, but anyone experiencing load
>problems should at least take a look at how SBL+XBL performs in their
>environment and *consider* (carefully) using SBL+XBL at the MTA.

various bits deleted above.

We started using CBL (part of XBL) in postfix several months ago. We have three systems, each handling about 35K incoming messages per day. Last time I counted, we rejected 35% of incoming connection attempts based on CBL. No complaints, either. I hope to expand to the rest of XBL, but CBL was the easiest to check at the time.

hermit921
From ssilva at SGVWATER.COM Wed Sep 15 18:15:25 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

>>
>> Michele,
>> You'd be horrified then to learn that I use SBL+XBL in sendmail before it
>> even hits MailScanner. It's been this way since May of this year and I've
>> not received one complaint. I process 3-8k messages a day for 25 users
>> and ....
>
> various bits deleted above.
>

I am also using it at entry with Sendmail. I have days where the spam is over 90% and no complaints for over 9 months. My only thought was to just use SBL to avoid some of the dynamic IP checks. But I am not sure I want mail from anyone not relaying through their ISP or at least a host with a MX record.

From mikes at HARTWELLCORP.COM Wed Sep 15 18:31:08 2004
From: mikes at HARTWELLCORP.COM (Michael St. Laurent)
Date: Thu Jan 12 21:26:53 2006
Subject: Damm mortage and software spam
Message-ID:

Rob <> wrote:
> Thanks , I am not using them, I will add some stuff though...
> thanks....

Have a look at the RulesDuJour script. It will automatically keep selected rulesets up to date for you and references a number of very useful ones.

http://www.exit0.us/index.php/RulesDuJour

--
Michael St. Laurent
Hartwell Corporation

From mailscanner at ecs.soton.ac.uk Wed Sep 15 18:40:16 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

At 18:15 15/09/2004, you wrote:
>I am also using it at entry with Sendmail. I have days where the spam is
>over 90% and no complaints for over 9 months. My only thought was to
>just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>want mail from anyone not relaying through their ISP or at least a host
>with a MX record.

Please don't start blocking mail coming from servers that aren't MX's. We, along with many other large sites, treat incoming and outgoing mail as different services and run them on different servers. Obviously my outgoing relays don't have MX records as they do not listen for mail from outside our site, that's the job of the incoming mail servers.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 15 19:04:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

At 18:57 15/09/2004, you wrote:
> > I have just released a new beta version, 4.34.2.
> > - Published packages for RPM and non-RPM systems to install ClamAV and
> > SpamAssassin 3.
>
>Julian, I must have missed it but why do we have an rpm package for
>ClamAV? Is this different from the tar ClamAV package or is it just a
>convenience for the rpm based folks?

It's just a convenience to make life easier for the RPM-based folks.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rzewnickie at RFA.ORG Wed Sep 15 19:17:10 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner insecurity with Postfix
Message-ID:

On Wed, Sep 15, 2004 at 08:51:34AM +0100, Julian Field wrote:
> At 08:21 15/09/2004, you wrote:
> >Someone recently mentioned on the postfix-users list that Mailscanner is
> >not secure to run with Postfix. I can't recal whom this was, but
> >perhaps someone here could comment on this?
>
> The Postfix author doesn't like MailScanner, as I dared to use his software
> in a way he hadn't intended. This has been discussed many times in the
> past, there will be mentions in the archives. Though the "not secure" tends
> to imply that at least they have gotten over their rant about "it doesn't
> work" when quite plainly it does.

We've been using Postfix with MailScanner for well over a year now. There has never been a problem between the two applications for us. We process 35k-50k messages per day for ~300 users on an athlon 1.3 GHz box.

I have a good deal of respect for Wietse Venema's work on Postfix. The documentation is very very good. For anyone who hasn't, it's worthwhile to take a look at these docs even if you don't intend to ever use it as your MTA. I learned a lot about email just from studying this stuff:
http://www.postfix.org/documentation.html

Previous versions had a great diagram that showed how all the pieces of the system fit together and the various routes a given message could take.

Having said that though, Wietse has a reputation for being a bit grouchy. Julian is a very much more personable guy and much more approachable. :) I wouldn't even think of asking Wietse to change something for fear of getting my head bitten off[0]. MailScanner and this list are great, regardless of what Wietse thinks of them.

-Eric Rz.

[0] disclaimer: I haven't had reason to approach Wietse about anything either. This is intended with tongue in cheek. I would be intimidated if I ever had a reason to contact him, nonetheless.
From ssilva at SGVWATER.COM Wed Sep 15 19:22:47 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

Julian Field wrote:
> At 18:15 15/09/2004, you wrote:
>
>> I am also using it at entry with Sendmail. I have days where the spam is
>> over 90% and no complaints for over 9 months. My only thought was to
>> just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>> want mail from anyone not relaying through their ISP or at least a host
>> with a MX record.
>
>
> Please don't start blocking mail coming from servers that aren't MX's. We,
> along with many other large sites, treat incoming and outgoing mail as
> different services and run them on different servers. Obviously my outgoing
> relays don't have MX records as they do not listen for mail from outside
> our site, that's the job of the incoming mail servers.

I didn't mean to block all non-MX mail relays. I am just a little concerned about mail coming from machines that "have no business" sending mail directly.

From kevins at BMRB.CO.UK Wed Sep 15 19:25:53 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner-MRTG - new 'unstable' version
Message-ID:

I've just released a new 'unstable' version of MailScanner-MRTG. Assuming there are no serious problems with this release I intend to make a stable release based on it in the next week or two.

Download as usual from http://mailscannermrtg.sourceforge.net

This 0.09.02 release adds two new graphs, Batch Size and Processing Speed. It also completes the improvements to the quarantine counting method started in 0.09.00. This should no longer cause problems for people with large quarantines. The option to log to syslog, instead of stdout, has also been added (that should stop those pesky emails!) There are also a number of bug fixes and cosmetic changes, see the full changelog for details.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 15 19:27:42 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

Hello,

Please don't flame me :-\

I would like to bounce messages to my users only. I have 2 MS servers that only accept email from my domains (iptables block). On those servers I would like to bounce all spam back to my users instead of dropping or delivering it to the outside world (tagging a message as spam and sending it nonetheless to its destination may not give a good impression of our University).

I have it working OK in my test setup but I was trying unsuccessfully to include the $longspamreport in the report. Is there some way of achieving this? I tested it with mailscanner-4.29.7-1.

Thanks!

Denis

PS: if you think that bouncing email back to my users is bad for some reason I didn't think of, you may say so... :-)

--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From mailscanner at ecs.soton.ac.uk Wed Sep 15 19:36:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

At 19:27 15/09/2004, you wrote:
>I have it working OK in my test setup but I was trying unsuccessfully to
>include the $longspamreport in the report. Is there some way of achieving
>this? I tested it with mailscanner-4.29.7-1.

What is the problem? Which report are you trying to use it in?
I may not have put the code in to use this in the specific report you are using.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 19:45:48 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

On Wed, 2004-09-15 at 14:27 -0400, Denis Beauchemin wrote:

It sounds like a very valid reason to bounce the spam :)

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From vguerrero at minar.com Wed Sep 15 19:58:07 2004
From: vguerrero at minar.com (Vicente Guerrero M.)
Date: Thu Jan 12 21:26:53 2006
Subject: query...
Message-ID:

Hi Raul,

the information you are looking for is detailed both in the manual and on the MailScanner web page; it is just a matter of taking some time to read it.

One recommendation: next time, please do not include images or HTML formatting when you send messages to this list.

Also, if you need help in Spanish (this list is mainly in English), send me messages off-list and I will gladly help with whatever I can.

Regards,

Vicente Guerrero

PS: sorry everybody else for answering in Spanish.

----- Original Message -----
From: Raul Urqueta S
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Wednesday, September 15, 2004 11:05 AM
Subject: query...

How do I fill in these fields in webMin under redhat 9, with MailScanner 4.32.5-1

thanks,
raul.-

From raymond at PROLOCATION.NET Wed Sep 15 19:58:57 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

Hi Julian,

>> I am also using it at entry with Sendmail. I have days where the spam is
>> over 90% and no complaints for over 9 months. My only thought was to
>> just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>> want mail from anyone not relaying through their ISP or at least a host
>> with a MX record.

> Please don't start blocking mail coming from servers that aren't MX's. We,
> along with many other large sites, treat incoming and outgoing mail as
> different services and run them on different servers. Obviously my outgoing
> relays don't have MX records as they do not listen for mail from outside
> our site, that's the job of the incoming mail servers.

Why don't you simply set an MX for those outgoing servers to your incoming MX ?

Bye,
Raymond

From mike at CAMAROSS.NET Wed Sep 15 20:02:46 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:53 2006
Subject: query...
Message-ID:

Vicente Guerrero M. wrote:
> Hi Raul,
>
> the information you are looking for is detailed both in the manual and
> on the MailScanner web page; it is just a matter of taking some time
> to read it.
>
> One recommendation: next time, please do not include images or HTML
> formatting when you send messages to this list.
>
> Also, if you need help in Spanish (this list is mainly in English),
> send me messages off-list and I will gladly help with whatever I can.
>
>
> Regards,
>
> Vicente Guerrero
>
> PS: sorry everybody else for answering in Spanish.
>
> ----- Original Message -----
> From: Raul Urqueta S
> To: MAILSCANNER@JISCMAIL.AC.UK
> Sent: Wednesday, September 15, 2004 11:05 AM
> Subject: query...
>
>
>
> How do I fill in these fields in webMin under redhat 9, with MailScanner
> 4.32.5-1
>

it's acceptable... nobody said this was an English-only list :)

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 20:06:42 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: query...
Message-ID:

On Wed, 2004-09-15 at 14:02 -0500, Mike Kercher wrote:

> it's acceptable... nobody said this was an English-only list :)

My sentiments also - you can ask for help in Spanish whenever you like

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 15 20:07:34 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

Julian Field wrote:
> At 19:27 15/09/2004, you wrote:
>
>> I have it working OK in my test setup but I was trying unsuccessfully to
>> include the $longspamreport in the report. Is there some way of
>> achieving
>> this? I tested it with mailscanner-4.29.7-1.
>
>
> What is the problem? Which report are you trying to use it in?
> I may not have put the code in to use this in the specific report you are
> using.

The report being used is sender.spam.sa.report.txt.

Thanks!

Denis

--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From mailscanner at ecs.soton.ac.uk Wed Sep 15 20:14:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

At 19:22 15/09/2004, you wrote:
>Julian Field wrote:
>>At 18:15 15/09/2004, you wrote:
>>
>>>I am also using it at entry with Sendmail. I have days where the spam is
>>>over 90% and no complaints for over 9 months. My only thought was to
>>>just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>>>want mail from anyone not relaying through their ISP or at least a host
>>>with a MX record.
>>
>>
>>Please don't start blocking mail coming from servers that aren't MX's. We,
>>along with many other large sites, treat incoming and outgoing mail as
>>different services and run them on different servers. Obviously my outgoing
>>relays don't have MX records as they do not listen for mail from outside
>>our site, that's the job of the incoming mail servers.
>I didn't mean to block all non-MX mail relays. I am just a little
>concerned about mail coming from machines that "have no business"
>sending mail directly.

I spam-tag everything coming from a MAPS-DUL host as I don't think they have any business sending me mail either :)

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 15 20:15:59 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

At 19:58 15/09/2004, you wrote:
>Hi Julian,
>
>>>I am also using it at entry with Sendmail. I have days where the spam is
>>>over 90% and no complaints for over 9 months. My only thought was to
>>>just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>>>want mail from anyone not relaying through their ISP or at least a host
>>>with a MX record.
>
>>Please don't start blocking mail coming from servers that aren't MX's. We,
>>along with many other large sites, treat incoming and outgoing mail as
>>different services and run them on different servers. Obviously my outgoing
>>relays don't have MX records as they do not listen for mail from outside
>>our site, that's the job of the incoming mail servers.
>
>Why don't you simply set an MX for those outgoing servers to your incoming
>MX ?

I probably will when I find someone blocking mail from non-MX's. Fortunately it hasn't happened yet. I just have a domain-wide set of MX records, I don't have MX records for any individual machines.

Good idea though.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Wed Sep 15 20:18:49 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

Hi!

>>> Please don't start blocking mail coming from servers that aren't MX's. We,
>>> along with many other large sites, treat incoming and outgoing mail as
>>> different services and run them on different servers. Obviously my
>>> outgoing
>>> relays don't have MX records as they do not listen for mail from outside
>>> our site, that's the job of the incoming mail servers.

>> Why don't you simply set an MX for those outgoing servers to your incoming
>> MX ?

> I probably will when I find someone blocking mail from non-MX's.
> Fortunately it hasn't happened yet. I just have a domain-wide set of MX
> records, I don't have MX records for any individual machines.
>
> Good idea though.

It will also help with the analysis that for example spamcop does, that also looks for MX records, so it won't harm to add a couple asap ;) Did it some months ago for my outgoing MXes.

Bye,
Raymond.

From David.While at UCE.AC.UK Wed Sep 15 20:22:17 2004
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

I had this problem with freeuk.net - our sending mail server was not our inbound mail server. They perform a check to see that the mail they have just received came from a machine with an MX record - if not they reject the mail.

I tried to point out the error of their ways but I think it fell on deaf ears.

David While
School of Computing & Information
University of Central England
Birmingham UK.

-----Original Message-----
From: MailScanner mailing list on behalf of Julian Field
Sent: Wed 15/09/2004 20:15
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Re: spam getting through.

At 19:58 15/09/2004, you wrote:
>Hi Julian,
>
>>>I am also using it at entry with Sendmail. I have days where the spam is
>>>over 90% and no complaints for over 9 months. My only thought was to
>>>just use SBL to avoid some of the dynamic IP checks. But I am not sure I
>>>want mail from anyone not relaying through their ISP or at least a host
>>>with a MX record.
>
>>Please don't start blocking mail coming from servers that aren't MX's. We,
>>along with many other large sites, treat incoming and outgoing mail as
>>different services and run them on different servers. Obviously my outgoing
>>relays don't have MX records as they do not listen for mail from outside
>>our site, that's the job of the incoming mail servers.
>
>Why don't you simply set an MX for those outgoing servers to your incoming
>MX ?

I probably will when I find someone blocking mail from non-MX's. Fortunately it hasn't happened yet. I just have a domain-wide set of MX records, I don't have MX records for any individual machines.

Good idea though.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jaearick at COLBY.EDU Wed Sep 15 20:26:01 2004
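The sender check described in the "spam getting through." messages above (reject unless the connecting machine has an MX record), run next to a forward-confirmed reverse DNS check over constructed DNS data. This is an added example, not code from any list member or from MailScanner; it assumes the receiver takes the client's name from its PTR record, and the zone contents, addresses and function names are all hypothetical.

```python
"""Sender-host DNS checks compared on constructed data (no network access)."""
from copy import deepcopy

# Constructed zone data using documentation names and address ranges.
# It mirrors the setup described in the thread: MX records exist only for the
# domain, and inbound and outbound mail run on different machines.
ZONE = {
    "MX": {"example.org": ["mx-in.example.org"]},
    "A": {
        "mx-in.example.org": {"192.0.2.10"},
        "out1.example.org": {"192.0.2.25"},
        "mail.example.net": {"198.51.100.7"},
    },
    "PTR": {
        "192.0.2.10": "mx-in.example.org",
        "192.0.2.25": "out1.example.org",    # outbound-only relay
        "203.0.113.99": "mail.example.net",  # name does not map back to this IP
        # 203.0.113.50 has no PTR record at all
    },
}

# Connecting clients to evaluate: the legitimate outbound relay, a host with
# no reverse DNS, and a host whose PTR is not confirmed by a forward lookup.
CLIENTS = ["192.0.2.25", "203.0.113.50", "203.0.113.99"]


def _norm(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.rstrip(".").lower()


def ptr_name(zone, ip):
    """Return the normalised PTR name for ip, or None if there is none."""
    name = zone["PTR"].get(ip)
    return _norm(name) if name else None


def host_has_mx(zone, ip):
    """MX-based check: pass only if the client's own hostname has an MX record.

    Assumption: the hostname is taken from the client's PTR record.
    """
    name = ptr_name(zone, ip)
    return bool(name and zone["MX"].get(name))


def fcrdns_ok(zone, ip):
    """PTR-based check: the PTR name must resolve back to the same address."""
    name = ptr_name(zone, ip)
    return bool(name and ip in zone["A"].get(name, set()))


def add_host_mx(zone, host, target):
    """Return a copy of zone with an MX for host pointing at target.

    This is the workaround suggested in the thread: give the outgoing
    server's name an MX record that points at the incoming MX.
    """
    patched = deepcopy(zone)
    patched["MX"].setdefault(_norm(host), []).append(_norm(target))
    return patched


def compare(zone, ips):
    """Evaluate both checks for every client address."""
    return {
        ip: {"mx_check": host_has_mx(zone, ip), "fcrdns": fcrdns_ok(zone, ip)}
        for ip in ips
    }


if __name__ == "__main__":
    fixed = add_host_mx(ZONE, "out1.example.org", "mx-in.example.org")
    for label, zone in (("domain-wide MX only", ZONE), ("MX added for out1", fixed)):
        print(label)
        for ip, result in compare(zone, CLIENTS).items():
            print(f"  {ip:<14} mx_check={result['mx_check']!s:<5} fcrdns={result['fcrdns']}")
```

With only a domain-wide MX, the legitimate outbound relay fails the MX check while passing the reverse DNS check; the two suspicious clients fail both either way.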
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

Julian,

You may already know this, but there is apparently a MIME-tools 5.4.13 now, though my attempt to download it from CPAN failed. I attempted to upgrade MIME-tools and MIME-Base64 for my 4.33.3 version, and got the following message at MS startup:

FATAL: Newer MIME-tools module needed: 1.4 is only MIME::Words -- 5.404 required at /opt/MailScanner/bin/MailScanner line 886 255

So I reinstalled MIME-tools-5.411-patched.tar.gz and the problem went away. Hold that thought on deleting this tarfile... 4.33.3 works fine with MIME-Base64 3.03

Jeff Earickson
Colby College

On Wed, 15 Sep 2004, Julian Field wrote:
> - Added MIME-tools 5.412 and MIME-Base64 3.03. You must have 3.01 or newer
> now.

From mailscanner at ecs.soton.ac.uk Wed Sep 15 20:31:18 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

At 20:07 15/09/2004, you wrote:
>Julian Field wrote:
>
>>At 19:27 15/09/2004, you wrote:
>>
>>>I have it working OK in my test setup but I was trying unsuccessfully to
>>>include the $longspamreport in the report. Is there some way of achieving
>>>this? I tested it with mailscanner-4.29.7-1.
>>
>>
>>What is the problem? Which report are you trying to use it in?
>>I may not have put the code in to use this in the specific report you are
>>using.
>
>The report being used is sender.spam.sa.report.txt.

Here is a little patch for Message.pm that should do what you want. If it works, let me know and I'll put it in the next release.

-----SNIP----- --- Message.pm.old 2004-09-14 09:40:48.000000000 +0100 +++ Message.pm 2004-09-15 20:18:47.000000000 +0100 @@ -656,7 +656,7 @@ sub HandleSpamBounce { my $this = shift; - my($from,$to,$subject,$date,$spamreport,$hostname); + my($from,$to,$subject,$date,$spamreport,$longspamreport,$hostname); my($emailmsg, $line, $messagefh, $filename, $localpostmaster, $id); $from = $this->{from}; @@ -692,6 +692,7 @@ $subject = $this->{subject}; $date = scalar localtime; $spamreport = $this->{spamreport}; + $longspamreport = $this->{salongreport}; my($to, %tolist); foreach $to (@{$this->{to}}) { -----SNIP-----

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 15 20:41:19 2004
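Review bot: in the second hunk of the Message.pm patch posted in the "bouncing mail" message above (@@ -692,6 +692,7 @@, inside HandleSpamBounce), $longspamreport is assigned straight from $this->{salongreport} with no check that the key is set, so a message that carries no long report would leave the variable undefined and the report would show an empty line wherever $longspamreport is used. Suggest giving it a defined fallback (an empty string, or $spamreport) at that point, and adding a one-line comment that the hash key is salongreport while the report variable is longspamreport, since the neighbouring line uses the same name on both sides ($spamreport = $this->{spamreport};) and the mismatch is easy to mistype.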
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

At 20:26 15/09/2004, you wrote:
>Julian,
>
> You may already know this, but there is apparently a MIME-tools 5.4.13
> now,
>though my attempt to download it from CPAN failed. I attempted to upgrade
>MIME-tools and MIME-Base64 for my 4.33.3 version, and got the following
>message at MS startup:

The only difference between 5.412 and 5.413 is the version number, he got the version number wrong in a few of the files. There is no difference in the functionality at all.

The new MIME-tools code won't work with current stable MailScanners as a load of version numbers have been removed where they weren't relevant. This is why I released it as a whole package, you need the MailScanner, MIME-tools and MIME-Base64 to match as a set.

>FATAL: Newer MIME-tools module needed: 1.4 is only MIME::Words -- 5.404
>required at /opt/MailScanner/bin/MailScanner line 886

That's caused by having an older MailScanner than is possible with the new MIME-tools.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 15 20:42:14 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:53 2006
Subject: spam getting through.
Message-ID:

On Wed, 2004-09-15 at 20:22 +0100, David While wrote:
> I had this problem with freeuk.net - our sending mail server was not our inbound mail server. They perform a check to see that the mail they have just received came from a machine with an MX record - if not they reject the mail.
>
> I tried to point out the error of their ways but I think it fell on deaf ears.
>
I would have thought that a sane check would be for a PTR not an MX
>
--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From vguerrero at minar.com Wed Sep 15 20:49:01 2004
From: vguerrero at minar.com (Vicente Guerrero M.)
Date: Thu Jan 12 21:26:53 2006
Subject: query...
Message-ID:

I'm starting to feel bad, I just said "is mainly in English" not English at all. Anyway, Spanish or English... it's all about helping people.

Regards!

Vicente Guerrero

----- Original Message -----
From: "Michele Neylon : Blacknight Solutions"
To:
Sent: Wednesday, September 15, 2004 2:06 PM
Subject: Re: query...

> On Wed, 2004-09-15 at 14:02 -0500, Mike Kercher wrote:
>
> > it's acceptable... nobody said this was an English-only list :)
> My sentiments also - you can ask for help in Spanish whenever you like
> --
> Mr Michele Neylon
> Blacknight Solutions
> http://www.blacknight.ie
> 059 9137101

From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 15 20:49:36 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:53 2006
Subject: bouncing mail
Message-ID:

Julian Field wrote:
> At 20:07 15/09/2004, you wrote:
>
>> Julian Field wrote:
>>
>>> At 19:27 15/09/2004, you wrote:
>>>
>>>> I have it working OK in my test setup but I was trying
>>>> unsuccessfully to
>>>> include the $longspamreport in the report. Is there some way of
>>>> achieving
>>>> this? I tested it with mailscanner-4.29.7-1.
>>>
>> The report being used is sender.spam.sa.report.txt.
>
>
> Here is a little patch for Message.pm that should do what you want. If it
> works, let me know and I'll put it in the next release.
>
> -----SNIP----- > --- Message.pm.old 2004-09-14 09:40:48.000000000 +0100 > +++ Message.pm 2004-09-15 20:18:47.000000000 +0100
> @@ -656,7 +656,7 @@ > sub HandleSpamBounce { > my $this = shift; > > - my($from,$to,$subject,$date,$spamreport,$hostname); > + my($from,$to,$subject,$date,$spamreport,$longspamreport,$hostname); > my($emailmsg, $line, $messagefh, $filename, $localpostmaster, $id); > > $from = $this->{from}; > @@ -692,6 +692,7 @@ > $subject = $this->{subject}; > $date = scalar localtime; > $spamreport = $this->{spamreport}; > + $longspamreport = $this->{salongreport}; > > my($to, %tolist); > foreach $to (@{$this->{to}}) { > -----SNIP----- Julian, It didn't work on my older MS (4.29.7-1). I applied the patch manually and restarted MS (I made sure no MS process was still running before relaunching). I got a blank line where I put $longspamreport in the report. Here is the diff for my version: --- Message.pm 2004-09-15 15:38:30.000000000 -0400 +++ Message.pm.20040915 2004-09-15 15:34:55.000000000 -0400 @@ -738,5 +738,5 @@ my $this = shift; - my($from,$to,$subject,$date,$spamreport,$longspamreport,$hostname,$day,$month,$year); + my($from,$to,$subject,$date,$spamreport,$hostname,$day,$month,$year); my($emailmsg, $line, $messagefh, $filename, $localpostmaster, $id); 
@@ -773,5 +773,4 @@ $date = scalar localtime; $spamreport = $this->{spamreport}; - $longspamreport = $this->{salongreport}; # And let them put the date number in there too ($day, $month, $year) = (localtime)[3,4,5]; > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From paddy at PANICI.NET Wed Sep 15 20:52:37 2004 
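Review bot: the diff Denis posted above for his 4.29.7-1 Message.pm was generated with the files in the opposite order (--- Message.pm, +++ Message.pm.20040915), so both $longspamreport lines appear as removals rather than additions and the diff cannot be read or applied as posted; regenerating it with the unmodified file first would fix that. Neither hunk (@@ -738,5 +738,5 @@ and @@ -773,5 +773,4 @@) includes the enclosing sub line in its context, so the diff does not show which function was edited; more context lines, or diff's option for showing the enclosing function, would make it possible to confirm the change landed in HandleSpamBounce.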
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:26:53 2006
Subject: Merging Configurations ...
Message-ID:

Hi,

Julian, Thanks again for that last patch, I really am wowed by quantity, quality and timeliness of your work on mailscanner.

I've been nursing some (probably rather braindead) ideas for some time, and the time has come to bring them to the list to be put out of their misery.

This is where I am:

Problem Statement:

Have a virtual hosting system serving MailScanned mail. (kudos to Julian, and the thousands of other developers who make this possible)

Want a per-site/per-user (web)gui.

Ideas:

1. somehow use or extend the existing webmin interface

First thought was to extend, putting all the functionality in the webmin fe, I guess that would get fairly complex. (just looked at the webpage, Is this on the todo list, Richard?)

When I first looked at MailScanner I half expected to find per-user .mailscanner.conf files. Given that this seems to be no.1 FAQ on the list (rulesets, dammit!) I'd guess I'm probably not alone. By the time I got the clue, I was already nursing this idea.

At first I looked at modifying Config.pm to make that a viable method of configuration, encouraged by the comment

# Read the configuration file. Doesn't allow includes yet...

but then I gave up on that.

Somewhere along the way, I (perhaps erroneously) recall Julian making a comment along the lines of 'write a config compiler' which I may or may not have misinterpreted, but I got to thinking along a line I wouldn't normally pursue:

What if there were a program that could merge mailscanner configurations?

Perhaps such a thing might be useful for migrating users from one system to another, and it has a nice feeling of implementing a 'mathematical' operation on the object 'a configuration', but of course I'm thinking of per-user .mailscanner.conf files again. Which would make using the existing webmin code that much easier.
Really attractive was independence from the main program easing implementation. (I abandoned the previous line of development largely because the changes got so intrusive, that I couldn't imagine anyone wanting to include them).

Until I got to the implementation stage. Feel free to correct me, but I've concluded that the only sane way to implement this is to re-use Config.pm, but (my perl is too weak to know if it's just me) I fancy it would need to change a bit. For example I would need to be able to read more than one configuration, and get access to the contents of vars like StaticScalars.

Can these be done without change? Does such a purpose/program sound worthwhile enough to make changes for?

(Not so long ago I posted something on comp.sendmail along the lines of "when I do this it hurts", and when I got the inevitable reply, I still persisted with "but it should be like this ...". Hopefully I'm not doing that here.)

or

2. use the LDAP conf, and put a gui on that.

I guess this is probably the right thing to do, but my experience with ldap is minimal, and I've yet to track down the relevant mailscanner-specific howto, schema, etc. Any pointers ? besides which I imagine the ldap option to be less lightweight.

or

3. it already exists, and I've missed.

I can wear the red-face, if someone can point me in the right direction.

Sorry for such a long email, but, again, I am driven by a specific requirement. Given the popularity of platforms like the cobalt, I would imagine there are a lot of other potential users.

Oh, and Congratulations on 200,000!

Regards,
Paddy

From mailscanner at ecs.soton.ac.uk Wed Sep 15 21:09:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:53 2006 Subject: Merging Configurations ... Message-ID: Have you looked at rulesets? They are explained in the MAQ (address at the bottom of every posting), the files in /etc/MailScanner/rules and in The Book. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 15 21:22:18 2004 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:26:53 2006 Subject: bouncing mail Message-ID: Denis Beauchemin wrote: > Julian Field wrote: > >> At 20:07 15/09/2004, you wrote: >> >>> Julian Field wrote: >>> >>>> At 19:27 15/09/2004, you wrote: >>>> >>>>> I have it working OK in my test setup but I was trying >>>>> unsuccessfully to >>>>> include the $longspamreport in the report. Is there some way of >>>>> achieving >>>>> this? I tested it with mailscanner-4.29.7-1. >>>> >>>> >>> The report being used is sender.spam.sa.report.txt. >> >> >> >> Here is a little patch for Message.pm that should do what you want. >> If it >> works, let me know and I'll put it in the next release. >> >> -----SNIP----- >> --- Message.pm.old 2004-09-14 09:40:48.000000000 +0100 >> +++ Message.pm 2004-09-15 20:18:47.000000000 +0100 
>> @@ -656,7 +656,7 @@ >> sub HandleSpamBounce { >> my $this = shift; >> >> - my($from,$to,$subject,$date,$spamreport,$hostname); >> + my($from,$to,$subject,$date,$spamreport,$longspamreport,$hostname); >> my($emailmsg, $line, $messagefh, $filename, $localpostmaster, $id); >> >> $from = $this->{from}; >> @@ -692,6 +692,7 @@ >> $subject = $this->{subject}; >> $date = scalar localtime; >> $spamreport = $this->{spamreport}; >> + $longspamreport = $this->{salongreport}; >> >> my($to, %tolist); >> foreach $to (@{$this->{to}}) { >> -----SNIP----- > > > Julian, > > It didn't work on my older MS (4.29.7-1). I applied the patch > manually and restarted MS (I made sure no MS process was still running > before relaunching). I got a blank line where I put $longspamreport > in the report. > Julian, It does work when I apply the changes to the right function ... I should go home... Thanks again! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 15 21:23:29 2004 
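Review bot: In the `@@ -692,6 +692,7 @@` hunk of the Message.pm patch quoted above, `$longspamreport = $this->{salongreport};` has no fallback for a message object on which `salongreport` was never set, so the placeholder in the report template renders as an empty line with no warning. Suggest falling back to `$spamreport` (or logging) when the value is undefined or empty, and adding a one-line comment beside the extended `my(...)` list in the `@@ -656,7 +656,7 @@` hunk saying that `$longspamreport` is now available to the sender report templates. Since `HandleSpamBounce` builds mail that goes back to the original sender, that comment should also say that the longer report text leaves the site in that mail.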
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:53 2006 Subject: bouncing mail Message-ID: At 20:49 15/09/2004, you wrote: >Julian Field wrote: > >>At 20:07 15/09/2004, you wrote: >> >>>Julian Field wrote: >>> >>>>At 19:27 15/09/2004, you wrote: >>>> >>>>>I have it working OK in my test setup but I was trying unsuccessfully to >>>>>include the $longspamreport in the report. Is there some way of achieving >>>>>this? I tested it with mailscanner-4.29.7-1. >>>The report being used is sender.spam.sa.report.txt. >> >> >>Here is a little patch for Message.pm that should do what you want. If it >>works, let me know and I'll put it in the next release. >> >>-----SNIP----- >>--- Message.pm.old 2004-09-14 09:40:48.000000000 +0100 >>+++ Message.pm 2004-09-15 20:18:47.000000000 +0100 >>@@ -656,7 +656,7 @@ >> sub HandleSpamBounce { >> my $this = shift; >> >>- my($from,$to,$subject,$date,$spamreport,$hostname); >>+ my($from,$to,$subject,$date,$spamreport,$longspamreport,$hostname); >> my($emailmsg, $line, $messagefh, $filename, $localpostmaster, $id); >> >> $from = $this->{from}; 
>>@@ -692,6 +692,7 @@ >> $subject = $this->{subject}; >> $date = scalar localtime; >> $spamreport = $this->{spamreport}; >>+ $longspamreport = $this->{salongreport}; >> >> my($to, %tolist); >> foreach $to (@{$this->{to}}) { >>-----SNIP----- > >I got a blank line where I put $longspamreport in the report. Now if only I could remember how to get around all the restrictions and actually get a spam bounce to happen, I might be able to test it properly :-( Does your Message.pm set "salongreport" anywhere? Just do a grep salongreport Message.pm and let me know what it finds. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dfilchak at sympatico.ca Wed Sep 15 21:43:06 2004 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Jan 12 21:26:53 2006 Subject: Limit message size or attachment size Message-ID: Would limiting the message and or attachment size of an email something you could do in MailScanner or would that be something better accomplished in Sendmail? Cheers Dave Dave Filchak - President Zuka Inc. | ScreamingMedia www.zuka.net | www.screamingmedia.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Leonard.Hermens at POTLATCHCORP.COM Wed Sep 15 22:02:28 2004 
From: Leonard.Hermens at POTLATCHCORP.COM (Leonard Hermens)
Date: Thu Jan 12 21:26:53 2006
Subject: Limit message size or attachment size
Message-ID:

In MailScanner.conf, you will want to look at

Maximum Attachment Size =
Maximum Message Size =

-- Leonard

At 01:43 PM 9/15/2004, Dave Filchak wrote:
>Would limiting the message and or attachment size of an email something you
>could do in MailScanner or would that be something better accomplished in
>Sendmail?
>
>Cheers
>
>Dave
>
>Dave Filchak - President
>Zuka Inc. | ScreamingMedia
>www.zuka.net | www.screamingmedia.ca

--
Leonard Hermens
Manager, Information Systems Security
Potlatch Corporation
805 Mill Road, Lewiston, ID 83501
Voice: 208.799.2031
Leonard.Hermens@potlatchcorp.com
http://www.potlatchcorp.com/

From hywel at BURRIS.ORG.UK Wed Sep 15 22:04:57 2004
From: hywel at BURRIS.ORG.UK (Hywel Burris)
Date: Thu Jan 12 21:26:53 2006
Subject: MailScanner-MRTG - new 'unstable' version
Message-ID:

Hi Kevin,

I just noticed the following, the Number Of Files / Messages In Quarantine graph has changed a lot
I know you said there were changes in this area but should this drop be expected?

http://www.burris.org.uk/mailscanner-mrtg/quarantine/quarantine.html

Thanks
Hywel

-----Original Message-----
From: Kevin Spicer [mailto:kevins@bmrb.co.uk]
Sent: 15 September 2004 21:33
To: Hywel Burris
Subject: RE: MailScanner-MRTG - new 'unstable' version

On Wed, 2004-09-15 at 20:32, Hywel Burris wrote:
> Hi Kevin,
>
> So far seems pretty good here :)
>
> With regards to the Processing Speed what results are people getting?

I really don't know. I only put it on my production (work) server this evening, and totally forgot to set Log Speed=yes in MailScanner.conf - so I won't really have any idea until some load hits tomorrow morning. My development box is my own home machine which handles mail for three personal domains, but these are all very low traffic - so although I can see the figures working there isn't enough mail for them to mean anything.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From mike at CAMAROSS.NET Wed Sep 15 22:11:06 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

Sorry for sending this to you directly the first time Julian!

Mike

Julian Field wrote:
> I have just released a new beta version, 4.34.2.
>
> This version contains the new MIME-Base64 and MIME-tools packages, so
> you will definitely need to run the install scripts, and not just copy
> over the new MailScanner code. This version of MailScanner will
> *not* work securely with older versions of the MIME-tools or
> MIME-Base64 packages.
>
> The Change Log currently looks like this:

I just installed this on a test server. Everything was chugging along fine (ran about 5000 or so emails through it) and then I started seeing this in the log:

Sep 15 16:05:54 relic MailScanner[28571]: New Batch: Found 38 messages waiting
Sep 15 16:05:54 relic MailScanner[28571]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:04 relic MailScanner[28592]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:04 relic MailScanner[28592]: Using locktype = flock
Sep 15 16:06:04 relic MailScanner[28592]: New Batch: Found 38 messages waiting
Sep 15 16:06:04 relic MailScanner[28592]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:14 relic MailScanner[28614]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:14 relic MailScanner[28614]: Using locktype = flock
Sep 15 16:06:14 relic MailScanner[28614]: New Batch: Found 38 messages waiting
Sep 15 16:06:14 relic MailScanner[28614]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:24 relic MailScanner[28635]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:24 relic MailScanner[28635]: Using locktype = flock
Sep 15 16:06:24 relic MailScanner[28635]: New Batch: Found 38 messages waiting
Sep 15 16:06:24 relic MailScanner[28635]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:34 relic MailScanner[28656]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:34 relic MailScanner[28656]: Using locktype = flock
Sep 15 16:06:34 relic MailScanner[28656]: New Batch: Found 38 messages waiting
Sep 15 16:06:34 relic MailScanner[28656]: New Batch: Scanning 30 messages, 230660 bytes

and nothing is being delivered. So I turned on Debugging and I get this:

Can't locate object method "new" via package "MIME::Parser::FileInto::MailScanner" (perhaps you forgot to load "MIME::Parser::FileInto::MailScanner"?) at /usr/lib/MailScanner/MailScanner/Message.pm line 1263, line 41.

Thoughts?

Mike

From mike at CAMAROSS.NET Wed Sep 15 22:12:31 2004
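The log excerpt in the "ANNOUNCE: Beta 4.34.2" report above shows a pattern worth alerting on: every ten seconds a new worker PID starts, picks up the identical batch (30 messages, 230660 bytes) and logs nothing further, so all mail queued behind that batch stalls. A Python sketch of that check, added here as an illustration and not part of MailScanner or of the original post; the function names and the three-worker threshold are assumptions, and `HEALTHY_LOG` is constructed for contrast.

```python
import re

# Copied from the log excerpt in the post above (first four workers).
POSTED_LOG = """\
Sep 15 16:05:54 relic MailScanner[28571]: New Batch: Found 38 messages waiting
Sep 15 16:05:54 relic MailScanner[28571]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:04 relic MailScanner[28592]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:04 relic MailScanner[28592]: Using locktype = flock
Sep 15 16:06:04 relic MailScanner[28592]: New Batch: Found 38 messages waiting
Sep 15 16:06:04 relic MailScanner[28592]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:14 relic MailScanner[28614]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:14 relic MailScanner[28614]: Using locktype = flock
Sep 15 16:06:14 relic MailScanner[28614]: New Batch: Found 38 messages waiting
Sep 15 16:06:14 relic MailScanner[28614]: New Batch: Scanning 30 messages, 230660 bytes
Sep 15 16:06:24 relic MailScanner[28635]: MailScanner E-Mail Virus Scanner version 4.34.2 starting...
Sep 15 16:06:24 relic MailScanner[28635]: Using locktype = flock
Sep 15 16:06:24 relic MailScanner[28635]: New Batch: Found 38 messages waiting
Sep 15 16:06:24 relic MailScanner[28635]: New Batch: Scanning 30 messages, 230660 bytes
"""

# Constructed for contrast: two workers that keep running and see different batches.
HEALTHY_LOG = """\
Sep 15 15:40:01 relic MailScanner[27001]: New Batch: Scanning 3 messages, 8120 bytes
Sep 15 15:40:02 relic MailScanner[27002]: New Batch: Scanning 1 messages, 2290 bytes
Sep 15 15:40:09 relic MailScanner[27001]: New Batch: Scanning 2 messages, 5004 bytes
Sep 15 15:40:15 relic MailScanner[27002]: New Batch: Scanning 3 messages, 8120 bytes
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\s"
    r"MailScanner\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
BATCH_RE = re.compile(r"New Batch: Scanning (\d+) messages, (\d+) bytes")


def parse(log_text):
    """Yield (timestamp, pid, message) for each MailScanner syslog line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("ts"), int(m.group("pid")), m.group("msg")


def find_restart_loops(log_text, min_workers=3):
    """Report batches that a run of different worker PIDs each picked up
    and then went silent on, i.e. the worker died while processing them."""
    events = list(parse(log_text))
    last_msg = {pid: msg for _, pid, msg in events}  # final line per worker

    runs, run = [], None
    for ts, pid, msg in events:
        m = BATCH_RE.fullmatch(msg)
        if not m:
            continue
        batch = (int(m.group(1)), int(m.group(2)))  # (messages, bytes)
        if run and run["batch"] == batch and pid not in run["pids"]:
            run["pids"].append(pid)
            run["last_seen"] = ts
        else:
            run = {"batch": batch, "pids": [pid],
                   "first_seen": ts, "last_seen": ts}
            runs.append(run)

    def died_on_batch(pid):
        # Nothing logged after the "Scanning" line: no result, no next batch.
        return BATCH_RE.fullmatch(last_msg[pid]) is not None

    return [
        r for r in runs
        if len(r["pids"]) >= min_workers
        # the newest worker in the run may still be busy, so it is exempt
        and all(died_on_batch(p) for p in r["pids"][:-1])
    ]


if __name__ == "__main__":
    for loop in find_restart_loops(POSTED_LOG):
        print("restart loop on batch %s: workers %s, %s to %s"
              % (loop["batch"], loop["pids"], loop["first_seen"], loop["last_seen"]))
    print("healthy log flagged:", bool(find_restart_loops(HEALTHY_LOG)))
```

Batch size is used as the fingerprint because it is the only per-batch detail these log lines carry; on a busy server a size collision between unrelated batches is possible, which is why a run of several distinct PIDs is required before anything is reported.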
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:53 2006
Subject: Limit message size or attachment size
Message-ID:

Dave Filchak wrote:
> Would limiting the message and or attachment size of an email
> something you could do in MailScanner or would that be something
> better accomplished in Sendmail?
>
> Cheers
>
> Dave
>
> Dave Filchak - President
> Zuka Inc. | ScreamingMedia
> www.zuka.net | www.screamingmedia.ca

Do it at the MTA and save yourself a little horsepower and bandwidth :)

Mike

From mailscanner at ecs.soton.ac.uk Wed Sep 15 22:13:34 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

At 20:58 15/09/2004, you wrote:
>Hi Julian,
>
>>This version contains the new MIME-Base64 and MIME-tools packages, so you
>>will definitely need to run the install scripts, and not just copy over the
>>new MailScanner code.
>>This version of MailScanner will *not* work securely with older versions of
>>the MIME-tools or MIME-Base64 packages.
>
>Tried to install this one, but i got:
>Now to install MailScanner itself.
>
>error: Failed dependencies:
> perl(MIME::QuotedPrint) >= 3.03 is needed by (installed)
> perl-MIME-tools-5.412-1

Attached is a replacement install.sh for RPM-based systems. There is a clash between perl's packaging and redhat's.

This one avoids the version number check on MIME::Base64 which overcomes the problem as the rpm for this module is then installed, satisfying the build requirements of the MIME-tools rpm.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mailscanner at ecs.soton.ac.uk Wed Sep 15 22:19:12 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:53 2006 Subject: ANNOUNCE: Beta 4.34.2 Message-ID: At 22:11 15/09/2004, you wrote: >Julian Field wrote: > > I have just released a new beta version, 4.34.2. > > > > This version contains the new MIME-Base64 and MIME-tools packages, so > > you will definitely need to run the install scripts, and not just copy > > over the new MailScanner code. This version of MailScanner will > > *not* work securely with older versions of the MIME-tools or > > MIME-Base64 packages. > > > > The Change Log currently looks like this: > >Can't locate object method "new" via package >"MIME::Parser::FileInto::MailScanner" (perhaps you forgot to load >"MIME::Parser::FileInto::MailScanner"?) at >/usr/lib/MailScanner/MailScanner/Message.pm line 1263, line 41. Edit line 1263 of Message.pm and remove ::MailScanner Here is a patch to do it: -----SNIP----- --- Message.pm.old 2004-09-15 21:36:50.000000000 +0100 +++ Message.pm 2004-09-15 22:17:46.000000000 +0100 
@@ -1261,7 +1261,7 @@ # Setup everything for the MIME parser my $parser = MIME::Parser->new; - my $filer = MIME::Parser::FileInto::MailScanner->new($explodeinto); + my $filer = MIME::Parser::FileInto->new($explodeinto); # Over-ride the default default character set handler so it does it # much better than the MIME-tools default handling. -----SNIP----- I'll put out a new beta in the morning, want to go to bed now :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dfilchak at sympatico.ca Wed Sep 15 22:23:04 2004 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Jan 12 21:26:53 2006 Subject: Limit message size or attachment size Message-ID: Humm ... Why would less horsepower be used limiting message and attachment size using the MTA rather than MailScanner. Just curious. Dave > -----Original Message----- 
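Review bot: On the Message.pm patch above (`@@ -1261,7 +1261,7 @@`), the `+` line swaps in the stock `MIME::Parser::FileInto` with no note on what the `::MailScanner` variant was meant to do differently when parts are written into `$explodeinto`. If that class was supposed to carry MailScanner-specific filing behaviour, dropping it changes how unpacked attachments are handled, so the patch should either define and load the subclass or add a comment stating that the stock filer is sufficient at this point. The context comment `# Over-ride the default default character set handler` also has a doubled word that could be fixed in the same change.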
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher
> Sent: September 15, 2004 5:13 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Limit message size or attachment size
>
> Dave Filchak wrote:
> > Would limiting the message and or attachment size of an email
> > something you could do in MailScanner or would that be something
> > better accomplished in Sendmail?
> >
> > Cheers
> >
> > Dave
> >
> > Dave Filchak - President
> > Zuka Inc. | ScreamingMedia
> > www.zuka.net | www.screamingmedia.ca
>
> Do it at the MTA and save yourself a little horsepower and
> bandwidth :)
>
> Mike

From rzewnickie at RFA.ORG Wed Sep 15 22:26:41 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:53 2006
Subject: Limit message size or attachment size
Message-ID:

On Wed, Sep 15, 2004 at 05:23:04PM -0400, Dave Filchak wrote:
> Humm ...
> Why would less horsepower be used limiting message and attachment size using
> the MTA rather than MailScanner. Just curious.

Postfix at least, and probably most other MTAs, will abort the connection once the max message size is reached, not even accepting the rest of it. The message never even gets queued this way. It doesn't get saved to disk, the MTA forgets about it and MailScanner never sees it.

-Eric Rz.

From raymond at PROLOCATION.NET Wed Sep 15 22:28:26 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

Hi!

>> Tried to install this one, but i got:
>> Now to install MailScanner itself.
>>
>> error: Failed dependencies:
>> perl(MIME::QuotedPrint) >= 3.03 is needed by (installed)
>> perl-MIME-tools-5.412-1
>
> Attached is a replacement install.sh for RPM-based systems. There is a clash
> between perl's packaging and redhat's.
>
> This one avoids the version number check on MIME::Base64 which overcomes the
> problem as the rpm for this module is then installed, satisfying the build
> requirements of the MIME-tools rpm.

It installs now, but! :)

When i try to start MS:

MailScanner: FATAL: Newer MIME-tools module needed: 1.4 is only MIME::Words -- 5.404 required at /usr/sbin/MailScanner line 886

Same one as posted earlier on.

Bye,
Raymond

From raymond at PROLOCATION.NET Wed Sep 15 22:43:54 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:53 2006
Subject: ANNOUNCE: Beta 4.34.2
Message-ID:

Hi!

>> This one avoids the version number check on MIME::Base64 which overcomes
>> the problem as the rpm for this module is then installed, satisfying the
>> build requirements of the MIME-tools rpm.
> It installs now, but! :)
>
> When i try to start MS:

Ignore ;) It's getting late. Installed the wrong version. OOPS. Just did a reinstall with the new installer script. On FC1, runs just fine it seems. Will also apply the other patch in a few.

Bye,
Raymond.

From peter at UCGBOOK.COM Wed Sep 15 22:46:47 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:54 2006
Subject: Limit message size or attachment size
Message-ID:

Eric Dantan Rzewnicki wrote:
> On Wed, Sep 15, 2004 at 05:23:04PM -0400, Dave Filchak wrote:
>
>>Humm ...
>>Why would less horsepower be used limiting message and attachment size using
>>the MTA rather than MailScanner. Just curious.
>
>
> Postfix at least, and probably most other MTAs, will abort the
> connection once the max message size is reached, not even accepting the
> rest of it. The message never even gets queued this way. It doesn't get
> saved to disk, the MTA forgets about it and MailScanner never sees it.

If both servers support the size extension they will not even start the transfer at all. Even better.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From raymond at PROLOCATION.NET Thu Sep 16 00:15:53 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:54 2006
Subject: Damm mortage and software spam
Message-ID:

Hi!

> I do not see these rules on www.rulesemporium.com where are they?

Uhm, check http://www.surbl.org or upgrade to SA3, installed by default there.

Bye,
Raymond.

From scoyazo at ISI.EDU Thu Sep 16 01:16:18 2004
From: scoyazo at ISI.EDU (Sheila Coyazo)
Date: Thu Jan 12 21:26:54 2006
Subject: Truncated long subject lines
Message-ID:

Hi,

We've gotten customer complaints because MailScanner appears to be truncating very long subject lines under certain circumstances.

When a message has a subject line that a) is continued on a second line (i.e., contains a LF or CR) and b) has a space at the end of the _first_ line of the subject, the subject line is truncated at the end of the first line as it passes through MailScanner. For multi-line subjects with _no_ space at the end of the first line, the subject line is not truncated.

We've tested this on a couple different versions of MailScanner, including 4.33.3-1, and it happens every time. On servers that aren't running MailScanner, the subject lines aren't truncated.

Any hints on how to fix this?

Thanks,
Sheila Coyazo
USC-Information Sciences Institute
IPC Computing Services

From dfilchak at sympatico.ca Thu Sep 16 03:02:30 2004
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Thu Jan 12 21:26:54 2006
Subject: Limit message size or attachment size
Message-ID:

OK ... I have been convinced .... I will indeed use the MTA. Just wanted to understand and now I certainly do ;-)

Thanks for the replies.

Dave

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
Sent: Wednesday, September 15, 2004 5:47 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Limit message size or attachment size

Eric Dantan Rzewnicki wrote:
> On Wed, Sep 15, 2004 at 05:23:04PM -0400, Dave Filchak wrote:
>
>>Humm ...
>>Why would less horsepower be used limiting message and attachment size
>>using the MTA rather than MailScanner. Just curious.
>
>
> Postfix at least, and probably most other MTAs, will abort the
> connection once the max message size is reached, not even accepting
> the rest of it. The message never even gets queued this way. It
> doesn't get saved to disk, the MTA forgets about it and MailScanner never sees it.

If both servers support the size extension they will not even start the transfer at all. Even better.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mailscanner at ecs.soton.ac.uk Thu Sep 16 08:46:24 2004
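For the "Limit message size or attachment size" thread above: the two behaviours the replies describe, a receiver that stops reading once the limit is crossed and the SMTP SIZE extension (RFC 1870) that lets an oversized message be refused before any of it is sent, modelled in a few lines of Python. This is an added illustration, not Postfix, Sendmail or MailScanner code; the class and function names, the `example.test` names and the 1000-byte limit are assumptions.

```python
import re

# Reply RFC 1870 assigns to a message that is larger than the fixed limit.
TOO_BIG = "552 5.3.4 Message size exceeds fixed maximum message size"


def advertised_limit(ehlo_reply):
    """Client side: read the SIZE keyword from an EHLO reply.
    None = extension not offered, 0 = offered without a fixed maximum."""
    for line in ehlo_reply:
        m = re.match(r"250[ -]SIZE(?:\s+(\d+))?\s*$", line, re.I)
        if m:
            return int(m.group(1) or 0)
    return None


class SizeLimitedReceiver:
    """Toy model of the receiving MTA's size checks (hypothetical class)."""

    def __init__(self, max_size):
        self.max_size = max_size
        self.queued = []  # messages that reached the queue (and the scanner)
        self._parts, self._seen, self._over = [], 0, False

    def ehlo(self, client_name):
        return ["250-mx.example.test greets " + client_name,
                "250 SIZE %d" % self.max_size]

    def mail_from(self, command):
        # A client that speaks SIZE declares the message size up front.
        m = re.search(r"\sSIZE=(\d+)\b", command, re.I)
        if m and int(m.group(1)) > self.max_size:
            return TOO_BIG  # refused before a single body byte is sent
        self._parts, self._seen, self._over = [], 0, False
        return "250 2.1.0 Ok"

    def data_chunk(self, chunk):
        """Count body bytes as they arrive. False means: stop reading and
        discard, the limit was crossed and nothing goes to the queue."""
        self._seen += len(chunk)
        if self._seen > self.max_size:
            self._parts, self._over = [], True
            return False
        self._parts.append(chunk)
        return True

    def end_of_data(self):
        if self._over:
            return TOO_BIG
        self.queued.append(b"".join(self._parts))
        return "250 2.0.0 Ok: queued"


def run_scenarios(limit=1000):
    srv, out = SizeLimitedReceiver(limit), {}

    # 1. Client declares 5000 bytes: rejected at MAIL FROM, no transfer.
    out["declared"] = srv.mail_from("MAIL FROM:<a@example.test> SIZE=5000")

    # 2. Client reads the EHLO reply first and does not even try.
    lim = advertised_limit(srv.ehlo("client.example.test"))
    out["client_skips"] = lim not in (None, 0) and 5000 > lim

    # 3. Client declares nothing: bytes are counted, reading stops at the limit.
    srv.mail_from("MAIL FROM:<a@example.test>")
    kept = 0
    for _ in range(10):                      # 10 x 500 bytes offered
        if not srv.data_chunk(b"x" * 500):
            break
        kept += 500
    out["bytes_read_before_abort"] = kept
    out["queued_after_abort"] = len(srv.queued)

    # 4. A message under the limit goes through to the queue as usual.
    srv.mail_from("MAIL FROM:<a@example.test> SIZE=300")
    srv.data_chunk(b"y" * 300)
    out["small"] = srv.end_of_data()
    out["queued_total"] = len(srv.queued)
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, "=", value)
```

In scenarios 1 to 3 the queue stays empty, which is the point made in the thread: a message stopped at the MTA never reaches disk or the content scanner.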
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: Truncated long subject lines
Message-ID:

This is intentional behaviour, I'm afraid.
If you get an attachment that happens not to have a filename, Outlook (and OE) give it a filename which is a copy of the subject line. So all the exploits that you can perform in attachment filenames can also be triggered by putting the nasty filename in the subject line of the message instead.

So I have to do a load of mangling on the subject line (particularly very long subject lines) to avoid exploits against the attachments.

Blame Microsoft for that one :(

At 01:16 16/09/2004, you wrote:
>Hi,
>
>We've gotten customer complaints because MailScanner appears to be
>truncating very long subject lines under certain circumstances.
>
>When a message has a subject line that a) is continued on a second line
>(i.e., contains a LF or CR) and b) has a space at the end of the _first_
>line of the subject, the subject line is truncated at the end of the first
>line as it passes through MailScanner. For multi-line subjects with _no_
>space at the end of the first line, the subject line is not truncated.
>
>We've tested this on a couple different versions of MailScanner, including
>4.33.3-1, and it happens every time. On servers that aren't running
>MailScanner, the subject lines aren't truncated.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 16 09:11:38 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:54 2006
Subject: Damm mortage and software spam
Message-ID:

Rob

to be pedantic (sp?)..

http://www.rulesemporium.com/rules.htm

don't use the bigevil.cf it's really really huge and could well have a massive performance impact - use the surbl.org/spam_uri plugin instead.

you can also add in rules_du_jour (as previously mentioned), and surbl.org and the spamcop_uri plugin (and bayes:-).

But I'd do lots of small changes to the config rather than a couple of large ones, so you can see any benefit from a particular ruleset or other SA changes.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> I do not see these rules on www.rulesemporium.com where are they?
>
> And after I added rules from www.rulesemporium.com I still get these
> irritating emails with subject "your meeting on"
>
> and it has just a graphic and a remove link
>
> URGH!
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Steve Mason"
> To:
> Sent: Wednesday, September 15, 2004 9:49 AM
> Subject: Re: Damm mortage and software spam
>
>
>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>> software messages.
>> I haven't seen any mortgage messages yet...
>>
>> Steve
>>
>>> I keep getting spam from mortgage and software sales.....
>>> Anyone have a tip for not letting these guys through?
>>> I can send headers, but last 2 times I did my email never got through to
>>> the list, I >guess cuz the mail server thought it was spam..
>>
>>
>>> Rob....

From mailscanner at ecs.soton.ac.uk Thu Sep 16 09:17:53 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: ANNOUNCE: Beta 4.34.3 released
Message-ID:

I believe I have now fixed the installation problems that occurred with previous versions of 4.34.
I have installed this on a FC2 system and it now installs cleanly.

I have also fixed errors with the "FileInto" class.

Download as usual from www.mailscanner.info

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From john at TRADOC.FR Thu Sep 16 09:18:55 2004
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:26:54 2006
Subject: Truncated long subject lines
Message-ID:

On Thu, 16 Sep 2004 08:46:24 +0100, Julian Field wrote:
> This is intentional behaviour, I'm afraid.
> If you get an attachment that happens not to have a filename, Outlook (and
> OE) give it a filename which is a copy of the subject line. So all the
> exploits that you can perform in attachment filenames can also be triggered
> by putting the nasty filename in the subject line of the message instead.
>
> So I have to do a load of mangling on the subject line (particularly very
> long subject lines) to avoid exploits against the attachments.

Wouldn't it be easier (and less disruptive) to name any nameless attachments instead?

John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From Lionel.David at RAP.PRD.FR Thu Sep 16 11:13:12 2004
From: Lionel.David at RAP.PRD.FR (Lionel David)
Date: Thu Jan 12 21:26:54 2006
Subject: Spam Report in header but not in body
Message-ID:

Hello,

I use MailScanner-4.33.3, which is configured to use Sendmail-8.12.10 + SpamAssassin-2.64 + McAfee, on my server under Solaris 8.
It works fine except for one point: the SA report doesn't appear in the body of tagged spam mails.

The default options in the configuration (Mailscanner.conf and spam.assassin.prefs.conf) say to insert the report at the top of the body, and my configuration is the same as the default. However, in the header of each tagged spam mail, I have a report (X-Mailscanner-SpamCheck: ...spamassassin...score...required...)

I've verified the options, my configuration files don't specify to make report only for header. I can send my configuration files. I've tried many options in the configuration files and I still don't have any report in the body.

I've found a partial answer in the FAQ (number 25 - attached at the end of this e-mail) but is there not an issue?
Have I missed the answer in the archives? If yes, could you send me the good archive sample?

Thanks for reply.

Lionel.






#############################################################
Sample of MailScanner FAQ :

25. Why can't I get MailScanner to process some SpamAssassin options?

MailScanner only uses 3 pieces of information returned from SpamAssassin:
  1. The number of hits scored
  2. The threshold above which a message is deemed to be spam
  3. The list of matching rule names

So changing SpamAssassin items like the report style (use_terse_report) will have no effect as everything else is discarded.

This was coded by design to reduce the number of headers MailScanner has to parse.

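FAQ 25 quoted in the message above says MailScanner keeps only the score, the threshold and the matching rule names from SpamAssassin, which is what the X-MailScanner-SpamCheck header carries. The following Python is an added example, not MailScanner code: it parses that header into those three pieces, copes with a header holding more than one report (mail that crossed two MailScanner hosts), and uses the header value quoted in a later message of this archive; the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header value copied from the two-report X-MailScanner-SpamCheck example quoted
# later in this archive, folded here the way a long mail header is folded.
SAMPLE_HEADER = (
    "spam, SpamAssassin (score=20.9, required 6, autolearn=spam,\n"
    "\tBAYES_99 5.40, DCC_CHECK 2.91, HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10,\n"
    "\tMIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10,\n"
    "\tMSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50,\n"
    "\tRCVD_IN_DYNABLOCK 1.50, RCVD_IN_SORBS 0.10, SPAMCOP_URI_RBL 3.50,\n"
    "\tWS_URI_RBL 3.50), spam, SpamAssassin (score=12.4, required 5,\n"
    "\tDCC_CHECK 2.91, HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10,\n"
    "\tMIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10,\n"
    "\tMSGID_FROM_MTA_HEADER 0.70, SPAMCOP_URI_RBL 3.50, WS_URI_RBL 3.50)"
)

# One report: optional verdict, then "SpamAssassin (item, item, ...)".
REPORT_RE = re.compile(
    r"(?:(?P<verdict>not spam|spam)\s*,\s*)?SpamAssassin\s*\((?P<body>[^()]*)\)"
)
# A rule item: RULE_NAME, optionally followed by its score.
RULE_RE = re.compile(r"^(?P<name>[A-Z][A-Z0-9_]*)(?:\s+(?P<score>-?\d+(?:\.\d+)?))?$")


@dataclass
class Report:
    verdict: Optional[str]
    score: Optional[float] = None        # 1. number of hits scored
    required: Optional[float] = None     # 2. spam threshold
    rules: Dict[str, Optional[float]] = field(default_factory=dict)  # 3. rule names
    extras: Dict[str, str] = field(default_factory=dict)  # e.g. autolearn=spam


def to_float(text) -> Optional[float]:
    """Header text can arrive on inbound mail, so never trust it to be numeric."""
    try:
        return float(text)
    except (TypeError, ValueError):
        return None


def parse_spamcheck(value: str) -> List[Report]:
    """Return one Report per SpamAssassin report found in the header value."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    reports = []
    for m in REPORT_RE.finditer(unfolded):
        rep = Report(verdict=m.group("verdict"))
        for item in (p.strip() for p in m.group("body").split(",")):
            key, sep, val = item.partition("=")
            if sep and key.strip() == "score":
                rep.score = to_float(val)
            elif item.startswith("required"):
                rep.required = to_float(item[len("required"):])
            elif sep:
                rep.extras[key.strip()] = val.strip()
            else:
                rule = RULE_RE.match(item)
                if rule:  # rule names without a score are kept with None
                    rep.rules[rule["name"]] = to_float(rule["score"])
        reports.append(rep)
    return reports


def dnsbl_hits(rep: Report) -> List[str]:
    """SpamAssassin names its Received-header DNSBL tests RCVD_IN_*."""
    return sorted(name for name in rep.rules if name.startswith("RCVD_IN_"))


def only_in(a: Report, b: Report) -> List[str]:
    """Rules that fired in report a but not in report b."""
    return sorted(set(a.rules) - set(b.rules))


def score_consistent(rep: Report, tol: float = 0.05) -> bool:
    """True when the per-rule scores add up to the reported total."""
    scores = list(rep.rules.values())
    if rep.score is None or not scores or any(s is None for s in scores):
        return False
    return abs(sum(scores) - rep.score) <= tol


if __name__ == "__main__":
    first, second = parse_spamcheck(SAMPLE_HEADER)
    for label, rep in (("first hop", first), ("second hop", second)):
        print(label, rep.verdict, rep.score, "/", rep.required,
              "DNSBL:", dnsbl_hits(rep) or "none",
              "sum ok:", score_consistent(rep))
    print("only in first:", only_in(first, second))
```

Comparing the two reports this way shows at a glance which tests one host ran and the other did not.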
From massctrl at SKYNET.BE Thu Sep 16 11:32:25 2004
From: massctrl at SKYNET.BE (J)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

Hi all,

I just can't seem to get a straight answer from mcafee about which license policy they use if the mcafee command line scanner is used in combination with mailscanner.
Is there someone who's using mcafee on his mailscannerbox in a corporate environment and already knows what's the license policy?

Thanks in advance

J

ps : yes i do use clamav and yes clamav hasn't let any virus go through.

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 16 11:33:59 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:54 2006
Subject: Spam Report in header but not in body
Message-ID:

MailScanner doesn't normally put Spam reports in the body of emails.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From prandal at HEREFORDSHIRE.GOV.UK Thu Sep 16 12:03:26 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

J wrote:
> I just can't seem to get a straight answer from mcafee about
> which license policy they use if the mcafee command line
> scanner is used in combination with mailscanner.
> Is there someone who's using mcafee on his mailscannerbox
> in a corporate environment and already knows what's the license
> policy?
>
> Thanks in advance
>
> J
>
> ps : yes i do use clamav and yes clamav hasn't let any virus go
> through.

What licence have you currently got?

When you log in at https://secure.nai.com/us/forms/downloads/upgrades/login.asp with your Grant Number does it allow you to download the Virusscan Commandline Scanners?

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From Kevin.Spicer at BMRB.CO.UK Thu Sep 16 13:22:44 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:54 2006
Subject: Spam Report in header but not in body
Message-ID:

> From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM]
> MailScanner doesn't normally put Spam reports in the body of emails.

...unless you use the attachment spam action.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From paddy at PANICI.NET Thu Sep 16 13:23:39 2004
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:26:54 2006
Subject: Merging Configurations ...
Message-ID:

Julian,

Thanks for responding. Especially when this seems so FAQ.

On Wed, Sep 15, 2004 at 09:09:20PM +0100, Julian Field wrote:
> Have you looked at rulesets? They are explained in the MAQ (address at the
> bottom of every posting), the files in /etc/MailScanner/rules and in The
> Book.

Yes. I already use rulesets. Rulesets are great, I recommend them to all my friends (okay then, both of them).

Rulesets *by themselves*, don't solve the problem I'm considering, which is how to delegate *some* control to other admins and even users - a *user* interface (admin interface is already great).

That is unless I missed something. I just re-read the MAQ/FAQ. I don't have the book, yet. I do use the source. I still miss things. Stubbornly so sometimes.

I'm *not* suggesting that this is a problem that MailScanner should solve, to the contrary in fact. I'm not even advocating it as a good idea.

As much as anything, I found the search for a way to get at %StaticScalars etc. tantalising and frustrating and I'm hoping to either confirm "you can't access lexicals from outside" or learn the wicked magic that does so!

But also I'm hoping that I've missed a posting on howto use the new ldap configuration stuff that does all the hard work so I don't have to! :) Then I can go away and play with that.

Who knows, maybe even get a little feedback from other users and yourself on the very idea of an *end-user* interface and possible implementations.

Regards,
Paddy

From mailscanner at ecs.soton.ac.uk Thu Sep 16 14:15:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: Merging Configurations ...
Message-ID:

At 13:23 16/09/2004, you wrote:
>But also I'm hoping that I've missed a posting on howto use the new ldap
>configuration stuff that does all the hard work so I don't have to! :)
>Then I can go away and play with that.

Do a search of the list archive for "ldif" or "ldap" and you should find some useful information.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mkehler at WRHA.MB.CA Thu Sep 16 14:26:34 2004
From: mkehler at WRHA.MB.CA (M Kehler)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

I have 2 seemingly identical servers running MS 4.24-5. I have Spam List = ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other server's maillog never shows anything pertaining to RBL whatsoever. Everything else seems to work fine.

Where do I start looking for what's wrong? I have compared both MailScanner.conf files, everything seems fine. spam.assassin.prefs are identical as well.
It's weird that I don't even see an error in my maillog..so I don't really know where to start. Any pointers would be appreciated.

thx
Matt

From mailscanner at ecs.soton.ac.uk Thu Sep 16 15:15:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

At 14:26 16/09/2004, you wrote:
>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>server's maillog never shows anything pertaining to RBL whatsoever.
>Everything else seems to work fine.

Have you checked they both have these 2 defined in spam.lists.conf?
Is the /etc/resolv.conf on both machines the same, and the /etc/nsswitch.conf?
Is all other DNS working the same on the 2 machines?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mkehler at WRHA.MB.CA Thu Sep 16 15:19:37 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

FYI, I was using Net::DNS v0.42, and have now upgraded that to Net::DNS v0.48. Still no go.

Matt

>>> mkehler@WRHA.MB.CA 09/16/04 08:26AM >>>
I have 2 seemingly identical servers running MS 4.24-5. I have Spam List = ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other server's maillog never shows anything pertaining to RBL whatsoever. Everything else seems to work fine.

Where do I start looking for what's wrong? I have compared both MailScanner.conf files, everything seems fine. spam.assassin.prefs are identical as well. It's weird that I don't even see an error in my maillog..so I don't really know where to start. Any pointers would be appreciated.

thx
Matt

This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original.

From mkehler at WRHA.MB.CA Thu Sep 16 15:25:52 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

>>> mailscanner@ECS.SOTON.AC.UK 09/16/04 09:15AM >>>
At 14:26 16/09/2004, you wrote:
>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>server's maillog never shows anything pertaining to RBL whatsoever.
>Everything else seems to work fine.

>Have you checked they both have these 2 defined in spam.lists.conf?
>Is the /etc/resolv.conf on both machines the same, and the /etc/nsswitch.conf?
>Is all other DNS working the same on the 2 machines?
>--
>Julian Field

Both spam.lists.conf are identical. Servers are configured the same DNS wise (same resolv.conf, nsswitch.conf, etc). Everything else on the 2nd server other than the RBL function is working (ie, spamassassin, bayes, etc)

Matt

From raymond at PROLOCATION.NET Thu Sep 16 15:33:12 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

Hi!

> Where do I start looking for what's wrong? I have compared both
> MailScanner.conf files, everything seems fine. spam.assassin.prefs are
> identical as well. It's weird that I don't even see an error in my
> maillog..so I don't really know where to start. Any pointers would be
> appreciated.

Do you have Net::DNS installed?

Bye,
Raymond.

From smlists at shaw.ca Thu Sep 16 15:38:39 2004
From: smlists at shaw.ca (SMLists)
Date: Thu Jan 12 21:26:54 2006
Subject: Damm mortage and software spam
Message-ID:

This is part of SURBL

When I finally got around to using SURBL (and Mailwatch for that matter) I was kicking myself for not doing it sooner.

Check the getting started section of http://www.surbl.org/

I'm using the plugin for Spam Assassin 2.x but apparently it's built in to ver 3. I've been too lazy to try the release candidates of version 3.

Rob wrote:
> I do not see these rules on www.rulesemporium.com where are they?
>
> And after I added rules from www.rulesemporium.com I still get these
> irritating emails with subject "your meeting on"
>
> and it has just a graphic and a remove link
>
> URGH!
>
> Rob....

From brent at MIRABITO.COM Thu Sep 16 15:46:22 2004
From: brent at MIRABITO.COM (Brent Strignano)
Date: Thu Jan 12 21:26:54 2006
Subject: New dangerous attachment filenames
Message-ID:

In light of the new windows GDI vulnerability should we add 'jpg' and 'jpeg' to the list? I am until I can get all of our machines patched.

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Brent Strignano
System Administrator
Granite Capital Holdings
Sidney, NY

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Thursday, September 09, 2004 11:43 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: New dangerous attachment filenames

Microsoft have apparently expanded their list of "High-risk file types" with the release of Windows XP SP2. The new list of high-risk dangerous attachments they have added are:

.ade .adp .app .asp .bas .bat .cer .chm .cmd .com .cpl .crt .csh .exe .fxp .hlp .hta .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .msc .msi .msp .mst .ops .pcd .pif .prf .prg .pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh

I have added what are apparently the worst of these to the default filename.rules.conf file. The new file is attached.

From ricardo.canavate at nozar.es Thu Sep 16 15:50:42 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:26:54 2006
Subject: Allow extensions in zips?
Message-ID:

Where can I find this option?

I use MS4.25-14

Thanks

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of j2
Sent: Tuesday, 14 September 2004 22:31
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Allow extensions in zips?

> Just set the archive depth setting to 0 and it will do exactly what you
> want.

Thanks!

=========================================================================
You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know.
This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it.
=======================================================================

From ricardo.canavate at nozar.es Thu Sep 16 16:04:04 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:26:54 2006
Subject: MailScanner -V
Message-ID:

What is happening in my system?

When I do MailScanner -V, I receive this message:

[root@servnozar root]# MailScanner -V
Cannot open config file -V, No existe el fichero o el directorio at /usr/lib/MailScanner/MailScanner/Config.pm line 456.
[root@servnozar root]#

Thanks in advance


 

Ricardo Luis Cañavate García
Dpto. de Informática
NOZAR Grupo Inmobiliario
Tel: 91 758 96 30 | Fax: 91 559 85 82
www.nozar.es

 

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 16 16:04:08 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:54 2006
Subject: Allow extensions in zips?
Message-ID:

> Where can I find this option?
>
> I use MS4.25-14

Open MailScanner.conf in vi and look through it.
It should be in or around line 298

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From martinh at SOLID-STATE-LOGIC.COM Thu Sep 16 16:11:35 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:54 2006
Subject: Allow extensions in zips?
Message-ID:

Ricardo

I believe you'll need version 4.29.5-1 or later.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Ricardo Luis Cañavate wrote:
> Where can I find this option?
>
> I use MS4.25-14
>
> Thanks
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of j2
> Sent: Tuesday, 14 September 2004 22:31
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Allow extensions in zips?
>
>>Just set the archive depth setting to 0 and it will do exactly what you
>>want.
>
> Thanks!

From mailscanner at ecs.soton.ac.uk Thu Sep 16 16:27:39 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: MailScanner -V
Message-ID:

At 16:04 16/09/2004, you wrote:
>What is happening in my system?
>
>When I do MailScanner -V, I receive this message:
>
>[root@servnozar root]# MailScanner -V
>Cannot open config file -V, No existe el fichero o el directorio at
>/usr/lib/MailScanner/MailScanner/Config.pm line 456.
>[root@servnozar root]#

You need a newer version that supports this option, I only added it quite recently (4.32 according to my ChangeLog).

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From rich at MAIL.WVNET.EDU Thu Sep 16 16:31:48 2004
From: rich at MAIL.WVNET.EDU (Richard Lynch)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

Matt Kehler wrote:

>>>>mailscanner@ECS.SOTON.AC.UK 09/16/04 09:15AM >>>
>At 14:26 16/09/2004, you wrote:
>>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>>server's maillog never shows anything pertaining to RBL whatsoever.
>>Everything else seems to work fine.
>
>>Have you checked they both have these 2 defined in spam.lists.conf?
>>Is the /etc/resolv.conf on both machines the same, and the /etc/nsswitch.conf?
>>Is all other DNS working the same on the 2 machines?
>>--
>>Julian Field
>
>Both spam.lists.conf are identical. Servers are configured the same DNS wise (same resolv.conf, nsswitch.conf, etc). Everything else on the 2nd server other than the RBL function is working (ie, spamassassin, bayes, etc)
>
>Matt

I'm having a similar problem on my test system. I, obviously, use the test system for new versions or significant configuration changes. Generally, I use a .forward file on my mail server (imap) user and forward mail to myself and then to my test id on the MS test system -- that way I get mail in both places. When I was moving from MS doing all the RBL checks to Spamassassin doing all the RBL checks, mail would pass through MS on the gateway to my mail server and then get forwarded to MS on the test box and my test id there. On the test system I would get two Spamassassin reports in the mail headers (X-MailScanner-SpamCheck). The first report was from the production system, which did the RBL checks in MS, and the second report was from the test system with SA doing the RBL checks. That worked great and I could compare the results of the two different configurations.

Last weekend I changed the prod systems to do all of the RBL checks in SA. I changed the test system back to the old way where MS did RBL checks and SA did not. It's a pretty simple configuration change and I'm reasonably sure it's correct. I did this so I could continue to compare results and make sure my change to SA doing RBLs had the desired effect. However, now the test system never does an RBL check even though it's configured to do them. I've wondered if MS decided not to do RBL checks because the message already contained MS headers from the initial scan on the production system. Is that perhaps the reason MS is not doing RBL checks even though I've configured it to do them? I have no idea.

Here's an example of the SpamCheck header.

X-MailScanner-SpamCheck: spam, SpamAssassin (score=20.9, required 6,
        autolearn=spam, BAYES_99 5.40, DCC_CHECK 2.91, HTML_FONT_BIG 0.27,
        HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10,
        MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50,
        RCVD_IN_DYNABLOCK 1.50, RCVD_IN_SORBS 0.10, SPAMCOP_URI_RBL 3.50,
        WS_URI_RBL 3.50), spam, SpamAssassin (score=12.4, required 5,
        DCC_CHECK 2.91, HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10,
        MIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10,
        MSGID_FROM_MTA_HEADER 0.70, SPAMCOP_URI_RBL 3.50, WS_URI_RBL 3.50)

Note that the first report from the prod system shows SA is getting RBL hits. The second report (test system) shows no RBL hits from SA or MS. I do have the surbl stuff installed on both systems so the second report does show those. Perhaps this message isn't a good example -- I'm not certain. But I can say that I never get a MS RBL hit on the test system. I've triple checked the configs and I don't understand why.

The config differences are fairly simple. On the prod systems in MailScanner.conf I set "Spam List =" with an empty list. On the test system this setting points to a ruleset which contains...

FromOrTo: default ORDB-RBL spamcop.net NJABL SBL+XBL SORBS-DNSBL

The other change is in /etc/MailScanner/spam.assassin.prefs.conf. On the test system I have "skip_rbl_checks 1" and on the prod system I have "skip_rbl_checks 0". That's pretty much it. I also upped the spam score on the prod system to 6.

Sorry for the long winded description. I just don't understand why MS on the test system never does an RBL check even though it's configured to do them. I've assumed it has something to do with the MS headers that are already there from the production system.

-- Rich --

From mailscanner at ecs.soton.ac.uk Thu Sep 16 16:46:55 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

At 16:31 16/09/2004, you wrote:
>I've wondered if MS decided not to
>do RBL checks because the message already contained MS headers from the
>initial scan on the production system. Is that perhaps the reason MS is
>not doing RBL checks even though I've configured it to do them?

No, MailScanner never uses the contents of the message to decide to avoid doing any checks. The only time the message content is used is to avoid multiple signatures on clean messages.

>Note that the first report from the prod system shows SA is getting RBL
>hits. The second report (test system) shows no RBL hits from SA or MS.
>I do have the surbl stuff installed on both systems so the second report
>does show those. Perhaps this message isn't a good example -- I'm not
>certain. But I can say that I never get a MS RBL hit on the test
>system. I've triple checked the configs and I don't understand why.
>The config differences are fairly simple. On the prod systems in
>MailScanner.conf I set "Spam List =" with an empty list. On the test
>system this setting points to a ruleset which contains...

Have you tried
Debug = yes
Debug SpamAssassin = yes
and seeing what the SA output on the system shows? This should do a few DNS checks to prove that its DNS is working, and then tell you what it is looking up.

>The other change is in /etc/MailScanner/spam.assassin.prefs.conf. On
>the test system I have "skip_rbl_checks 1" and on the prod system I have
>"skip_rbl_checks 0".

Errr... won't that have rather a large effect on the SA checks on the test system? It won't affect the MS checks though.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From karl.bailey at LANDMARK-INFORMATION.CO.UK Thu Sep 16 16:52:43 2004
From: karl.bailey at LANDMARK-INFORMATION.CO.UK (Karl Bailey)
Date: Thu Jan 12 21:26:54 2006
Subject: whitelisting
Message-ID:

Is there a way of white listing based on a to address AND from address at the same time... so only mail from Joe snudge is white listed when sent to Mary snudge.. but mail from Joe snudge to john smith is spam checked as normal.
 
Thanks...
 
Regards
Karl Bailey

From mailscanner at ecs.soton.ac.uk Thu Sep 16 17:08:57 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: The Book at Amazon
Message-ID:

Just discovered that you can type "MailScanner" into Amazon and get a sensible response.
(Bit more expensive than from my website though).

Cool! :-)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Thu Sep 16 17:21:01 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Canavate)
Date: Thu Jan 12 21:26:54 2006
Subject: MailScanner -V
Message-ID:

Thanks Julian

-----Original Message-----
From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk]
Sent: Thursday, 16 September 2004 17:28
To: ricardo.canavate@nozar.es
CC: mailscanner@jiscmail.ac.uk
Subject: Re: MailScanner -V

At 16:04 16/09/2004, you wrote:
>What happen in my system?
>
>When I do MailScanner -V? I received this message:
>
>[root@servnozar root]# MailScanner -V
>Cannot open config file -V, No existe el fichero o el directorio at
>/usr/lib/MailScanner/MailScanner/Config.pm line 456.
>[root@servnozar root]#

You need a newer version that supports this option, I only added it quite recently (4.32 according to my ChangeLog).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Thu Sep 16 17:42:21 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: whitelisting
Message-ID:

Yes, use a rule like this
From: Joe@snudge and To: Mary@snudge yes
From: Joe@snudge and To: John@smith no

i.e. just use the "and" keyword. You can only have 1 "and" in a rule, it's not a general expression evaluator.

At 16:52 16/09/2004, you wrote:
>Is there a way of white listing based on a to address AND from address at
>the same time... so only mail from Joe snudge is white listed when sent to
>Mary snudge.. but mail from Joe snudge to john smith is spam checked as normal.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dustin.baer at IHS.COM Thu Sep 16 18:01:00 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:54 2006
Subject: The Book at Amazon
Message-ID:

Julian Field wrote:
> Just discovered that you can type "MailScanner" into Amazon and get a
> sensible response.
> (Bit more expensive than from my website though).

Unless you go to the US site (www.amazon.com), then you get "The Last Prophecy"

--
Dustin Baer
Transport Extranet Network Services
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836

From kevins at BMRB.CO.UK Thu Sep 16 18:38:48 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:54 2006
Subject: MailScanner-MRTG - new 'unstable' version
Message-ID:

On Wed, 2004-09-15 at 22:04, Hywel Burris wrote:
> Hi Kevin,
>
> I just noticed the following, the Number Of Files / Messages In Quarantine
> graph has changed a lot I know you said there were changes in this area but
> should this drop be expected?

For anyone else experiencing this issue please apply the attached short patch to /usr/lib/MailScanner/Data.pm

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

[ Part 2, Text/X-PATCH (charset: ISO-8859-1 "Latin 1 (Western ]
[ Europe)") (Name: "Data.patch") 10 lines. ]
[ Unable to print this part. ]

From massctrl at SKYNET.BE Thu Sep 16 18:54:02 2004
From: massctrl at SKYNET.BE (J)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

Thanks for the reply,

Well we don't have any mcafee licenses, products and or agreements,..
Sorry if my post was a bit misleading.
I was just wondering if it's legally possible to use their linux command line scanner, and if so, which kind of licensing they will use, per domain, per server or per user,....

For example i got an answer from Panda AV telling me that if i wanted to use the panda commandline scanner in mailscanner, i had to buy a +- 9.50€ license per user.

Thanks

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 16 18:59:34 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

On Thu, 2004-09-16 at 18:54 +0100, J wrote:
>
> For example i got an answer from Panda AV telling me that if i wanted to
> use the panda commandline scanner in mailscanner, i had to buy a +- 9.50€
> license per user.

Panda are very badly organised. We bought a license last year but we could never get the updates or anything else to work!

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From peter at UCGBOOK.COM Thu Sep 16 19:02:45 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

J wrote:
> Well we don't have any mcafee licenses, products and or agreements,..
> Sorry if my post was a bit misleading.
> I was just wondering if it's legally possible to use their linux command
> line scanner, and if so, which kind of licensing they will use, per domain,
> per server or per user,....

You can use Clam (think you did already) and Bitdefender for free. And CA eTrust is licensed per server, not per user, it's very cheap. Check it out.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From ssilva at SGVWATER.COM Thu Sep 16 19:12:29 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

> Hi all,
>
> I just can't seem to get a straight answer from mcafee about which license
> policy they use if the mcafee command line scanner is used in combination
> with mailscanner.
> Is there's someone who's using mcafee on his mailscannerbox in a corporate
> environment and already knows what's the license policy?
>
> Thanks in advance

My company has a license pack for the Windows desktops, and the command line scanner is included in our purchase. But there are a few free scanners if you are just looking for some redundancy. ClamAV which you already use, BitDefender is also good (and free), I'm sure there are more. I have all three running, just in case one is a little late with an update.

From mkehler at WRHA.MB.CA Thu Sep 16 19:15:21 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

>>> mailscanner@ECS.SOTON.AC.UK 09/16/04 09:15AM >>>
At 14:26 16/09/2004, you wrote:
>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>server's maillog never shows anything pertaining to RBL whatsoever.
>Everything else seems to work fine.

>Have you checked they both have these 2 defined in spam.lists.conf?
>Is the /etc/resolv.conf on both machines the same, and the /etc/nsswitch.conf?
>Is all other DNS working the same on the 2 machines?
>--
>Julian Field

Sorry, one thing I forgot..is that the boxes are virtually identical BUT the non-working-RBL box is a relay, and forwards email to another server inside our LAN. It still uses public DNS servers though, so I don't see how this could make a difference. The working server just has local accounts. (these two servers do not interact with each other in any way; they are different companies)

Anyone have another idea?

thx!

Matt
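
The two stacked reports in the X-MailScanner-SpamCheck header quoted earlier in this thread can be compared mechanically to see which checks each scanner ran. The Python below is an added example, not MailScanner code and not posted by any list member; the function names are hypothetical, and it assumes that any token outside the `SpamAssassin (...)` block (where a MailScanner Spam List name would be expected) should be kept in `extra`.

```python
"""Compare the SpamAssassin reports stacked in one X-MailScanner-SpamCheck header."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header value as quoted in the thread: the first report is from the production
# gateway, the second from the test box.
SAMPLE = (
    "X-MailScanner-SpamCheck: spam, SpamAssassin (score=20.9, required 6, "
    "autolearn=spam, BAYES_99 5.40, DCC_CHECK 2.91, HTML_FONT_BIG 0.27, "
    "HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10, "
    "MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_DYNABLOCK 1.50, "
    "RCVD_IN_SORBS 0.10, SPAMCOP_URI_RBL 3.50, WS_URI_RBL 3.50), "
    "spam, SpamAssassin (score=12.4, required 5, DCC_CHECK 2.91, HTML_FONT_BIG 0.27, "
    "HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32, MIME_HTML_ONLY_MULTI 1.10, "
    "MSGID_FROM_MTA_HEADER 0.70, SPAMCOP_URI_RBL 3.50, WS_URI_RBL 3.50)"
)

HEADER_NAME = re.compile(r"^X-[\w-]*SpamCheck:\s*", re.I)
TOP_COMMA = re.compile(r",\s*(?![^()]*\))")   # commas that are not inside (...)
SA_BLOCK = re.compile(r"^SpamAssassin\s*\((.*)\)$")
RULE = re.compile(r"^([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)$")
VERDICTS = {"spam", "not spam"}


@dataclass
class Report:
    verdict: str
    score: Optional[float] = None
    required: Optional[float] = None
    meta: Dict[str, str] = field(default_factory=dict)     # e.g. autolearn=spam
    rules: Dict[str, float] = field(default_factory=dict)  # rule name -> score
    extra: List[str] = field(default_factory=list)         # tokens not understood


def parse_spamcheck(header: str) -> List[Report]:
    """Return one Report per scanner that stamped the message, in header order."""
    value = HEADER_NAME.sub("", " ".join(header.split()))  # unfold, drop the name
    reports: List[Report] = []
    for part in (p.strip() for p in TOP_COMMA.split(value) if p.strip()):
        if part.lower() in VERDICTS:          # a verdict opens a new report
            reports.append(Report(verdict=part.lower()))
            continue
        if not reports:
            reports.append(Report(verdict="unknown"))
        rep, block = reports[-1], SA_BLOCK.match(part)
        if not block:
            # Assumption: a MailScanner Spam List hit would show up here, as a
            # bare name between the verdict and the SpamAssassin block.
            rep.extra.append(part)
            continue
        for tok in (t.strip() for t in block.group(1).split(",")):
            rule = RULE.match(tok)
            if tok.startswith("score="):
                rep.score = float(tok[len("score="):])
            elif tok.startswith("required "):
                rep.required = float(tok.split()[1])
            elif rule:
                rep.rules[rule.group(1)] = float(rule.group(2))
            elif "=" in tok:
                key, val = tok.split("=", 1)
                rep.meta[key] = val
            elif tok:
                rep.extra.append(tok)
    return reports


def dnsbl_rules(rep: Report) -> List[str]:
    """SpamAssassin rules that come from DNSBL lookups on the relaying hosts."""
    return sorted(r for r in rep.rules if r.startswith("RCVD_IN_"))


def is_consistent(rep: Report) -> bool:
    """True when the listed rule scores add up to the reported total."""
    if rep.score is None:
        return False
    slack = 0.05 + 0.005 * len(rep.rules)     # display rounding on both sides
    return abs(sum(rep.rules.values()) - rep.score) <= slack


def diff_reports(first: Report, second: Report) -> Dict[str, List[str]]:
    """Rules seen by only one scanner, and rules both saw but scored differently."""
    a, b = set(first.rules), set(second.rules)
    return {
        "only_first": sorted(a - b),
        "only_second": sorted(b - a),
        "rescored": sorted(r for r in a & b if first.rules[r] != second.rules[r]),
    }


if __name__ == "__main__":
    prod, test = parse_spamcheck(SAMPLE)
    for name, rep in (("prod", prod), ("test", test)):
        print(name, rep.verdict, rep.score, "/", rep.required, "dnsbl:",
              dnsbl_rules(rep), "extra:", rep.extra, "sums ok:", is_consistent(rep))
    print(diff_reports(prod, test))
```

On the header from the thread, the three RCVD_IN_* rules and BAYES_99 appear only in the first report and `extra` is empty for both, which is consistent with the test box running with "skip_rbl_checks 1" and recording no other check in the header.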

From mailscanner at ecs.soton.ac.uk Thu Sep 16 19:17:29 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question
Message-ID:

At 19:02 16/09/2004, you wrote:
>You can use Clam (think you did already) and Bitdefender for free. And
>CA eTrust is licensed per server, not per user, it's very cheap. Check
>it out.

I have had reports that CA have changed their licensing, now requiring a per-user licence. Don't take that as gospel, these are second-hand reports.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From NPaterson at OCC.AC.UK Thu Sep 16 19:17:52 2004
From: NPaterson at OCC.AC.UK (Nigel Paterson)
Date: Thu Jan 12 21:26:54 2006
Subject: Mcafee license question {OCC Scanned}
Message-ID:

When I enquired, I was told by a McAfee reseller that the licencing would be based on the number of user mailboxes that were receiving email via the virus scanner.

We are using ClamAV with MailScanner and it is proving to be very effective.

Nigel P.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of J
Sent: 16 September 2004 11:32
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Mcafee license question {OCC Scanned}

Hi all,

I just can't seem to get a straight answer from mcafee about which license policy they use if the mcafee command line scanner is used in combination with mailscanner.
Is there's someone who's using mcafee on his mailscannerbox in a corporate environment and already knows what's the license policy?

Thanks in advance

J

ps : yes i do use clamav and yes clamav hasn't let any virus go through.

From krausem at gmail.com Thu Sep 16 19:42:33 2004
From: krausem at gmail.com (Matt Krause)
Date: Thu Jan 12 21:26:54 2006
Subject: MailScanner: Buy The Book!
Message-ID:

When someone gets this book and has a chance to flip through it, I wouldn't mind seeing a review/synopsis of the book. Is the information contained within it more detailed than what is on the web? Stuff like that.

Thanks.
Matt

On Wed, 15 Sep 2004 08:49:23 +0100, Julian Field wrote:
> At 02:57 15/09/2004, you wrote:
> >Can I have the table of content of the book. I can't find it in the above
> >site.
>
> Chapter Introduction ... 7
>   A Brief History of MailScanner ... 7
>   How MailScanner Works ... 7
> 2 Chapter Planning the Installation ... 13
>   System Requirements ... 13
>   Firewall and Network Requirements ... 14
>   Installing Red Hat Enterprise Linux ... 14
>   Installing the Message Transfer Agent ... 15
>   Installing sendmail ... 15
>   Installing Exim ... 15
>   Installing Postfix ... 15
>   Installing MailScanner ... 15
>   Installing SpamAssassin ... 16
> 3 Chapter MailScanner Configuration ... 19
>   MailScanner Files ... 19
>   Getting Started with MailScanner Configuration ... 20
>   Before you start ... 20
>   MailScanner.conf Parameters ... 21
>   General settings ... 21
>   System Settings ... 22
>   Incoming Work Dir Settings ... 23
>   Quarantine and Archive Settings ... 24
>   Processing Incoming Mail ... 25
>   Virus Scanning and Vulnerability Testing ... 28
>   Options specific to Sophos Anti-Virus ... 31
>   Options specific to ClamAV Anti-Virus ... 32
>   Removing/Logging dangerous or potentially offensive content ... 32
>   Attachment Filename Checking ... 35
>   Reports and Responses ... 36
>   Changes to Message Headers ... 39
>   Notifications back to the senders of blocked messages ... 42
>   Changes to the Subject: line ... 43
>   Changes to the Message Body ... 45
>   Mail Archiving and Monitoring ... 46
>   Notices to System Administrators ... 46
>   Spam Detection and Virus Scanner Definitions ... 47
>   Spam Detection and Spam Lists (DNS blocklists) ... 48
>   SpamAssassin ... 50
>   What to do with spam ... 53
>   Logging ... 56
>   Advanced SpamAssassin Settings ... 57
>   Advanced Settings ... 58
> 4 Chapter SpamAssassin Configuration ... 63
>   spam.assassin.prefs.conf ... 64
>   SpamAssassin and DNS ... 64
>   White and Black Listing ... 64
>   Bayesian Filtering ... 65
>   Network Checks ... 66
>   Adding SpamAssassin Rules ... 67
>   Changing SpamAssassin Rule Scores ... 68
>   SpamAssassin SURBL rules ... 68
> 5 Chapter Advanced Configuration via Rulesets ... 71
>   Ruleset Formats ... 71
>   Direction ... 71
>   Pattern ... 72
>   Result ... 73
> 6 Chapter Related Applications ... 75
>   MailWatch for MailScanner ... 75
>   MailScanner Webmin Module ... 76
>   Vispan ... 76
>   MailScanner-mrtg ... 76
>   phplistadmin ... 77
>   Network Spam Checks ... 77
>   DCC ... 77
>   Razor ... 77
>   http://razor.sourceforge.net/ ... 78
>   Pyzor ... 78
>   Tuning ... 79
>   Trouble shooting ... 80
>   Getting Help ... 80
> Appendix A Installing Red Hat Enterprise Linux ... 83
> Appendix B Installing Third Party Virus Scanners ... 85
> Appendix C Practical Ruleset Examples ... 89
>   Spam Black List ... 89
>   Only Sign Outgoing Messages ... 89
>   Use Different Signatures for Different Domains ... 90
>   Only Virus Scan Some Domains ... 90
>   Send System Administrator Notices to Several People ... 90
>   Scan for spam only from certain domains ... 91
>   Filename and Filetype Checking for Specified Domains ... 92
> Appendix D Upgrading MailScanner (rpm Version) ... 95
>   The Upgrade ... 95
>   Upgrading Mailscanner.conf ... 95
>   Installing .rpmnew files ... 96
>
> 1 Training Introduction ... 101
> 2 Email Message Structure ... 105
> 3 The Mail Delivery Process ... 111
> 4 MailScanner: What It Does ... 117
> 5 Detailed Analysis ... 123
> 5.1 Child Processes ...
> 129 > 5.2 Spam Checking > ..................................................................................................... > 135 > 5.3 Spam > Actions........................................................................................................ > 159 > 5.4 Attachment Extraction > .......................................................................................... > 171 > 5.5 Attachment Checks > ............................................................................................... > 181 > 5.6 Virus > Scanning...................................................................................................... > 203 > 5.7 HTML Checks > ...................................................................................................... > 213 > 5.8 Quarantine & Modifying Messages > ...................................................................... 223 > 5.9 Silent & Non-Forging Viruses > .............................................................................. > 245 > 100 > 5.10 Message > Responses............................................................................................... > 253 > 5.11 Macro-virus Disinfection > ...................................................................................... > 261 > 6 Administration > .............................................................................................................. > 269 > 7 Configuration > ................................................................................................................ > 279 > 7.1 > Rulesets................................................................................................................. > 285 > 7.2 Custom Functions > ................................................................................................. > 297 > 7.3 Internationalisation & > Reports.............................................................................. 
> 305 > 7.4 Directory > Structure................................................................................................ > 309 > 7.5 Startup and > Shutdown........................................................................................... > 315 > 8 Charity > Support............................................................................................................. > 327 > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > -- Matt Krause krausem@gmail.com http://www.mattkrause.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Thu Sep 16 20:12:47 2004 
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:54 2006 Subject: MailScanner: Buy The Book! Message-ID: Some of it you will have seen before. But I would hope that a thorough read of the Training Manual part explains how it works in rather more detail than is available elsewhere. It also puts all the configuration options into context, so you can start to understand how they relate to each other. If you are not a highly experienced MailScanner user, it should be a very useful resource. That's what I intended, anyway. It is in a slightly unusual format, part user guide and part training material, but that's how it got written in the first place. I will be interested to hear what you think. At 19:42 16/09/2004, you wrote: >When someone gets this book and has a chance to flip through it, I >wouldn't mind seeing a review/synopsis of the book. Is the >information contained within it more detailed than what is on the web? > Stuff like that. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Thu Sep 16 21:05:22 2004 
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:54 2006 Subject: mcafee autoupdate Message-ID: I recently updated from MailScanner 4.28.6 to 4.33.3. In /opt/MailScanner/lib/mcafee-autoupdate PREFIX is set to /opt/uvscan. Is this new, or did I simply forget I needed to change this when upgrading? The update script was working correctly, pulling down new DATs to /opt/uvscan. But, uvscan here is in /usr/local/uvscan. We had a few Phish-BankFraud.eml trojans slip through today and get caught on users' desktop PCs by mcafee there, which brought my attention to this problem. Perhaps more troubling, as far as I can tell the sophos autoupdate is working correctly and pulling IDEs to the correct place, but sophos appears to have let this trojan get through anyway. I'm sorry if any of this has been discussed recently. I did do some searches in the archives and nothing recent came up. -Eric Rz. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Thu Sep 16 21:21:19 2004 
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:54 2006 Subject: mcafee autoupdate Message-ID: On Thu, Sep 16, 2004 at 04:05:22PM -0400, Eric Dantan Rzewnicki wrote: > I recently updated from MailScanner 4.28.6 to 4.33.3. In > /opt/MailScanner/lib/mcafee-autoupdate PREFIX is set to /opt/uvscan. Is > this new, or did I simply forget I needed to change this when upgrading? > The update script was working correctly, pulling down new DATs to > /opt/uvscan. But, uvscan here is in /usr/local/uvscan. We had a few > Phish-BankFraud.eml trojans slip through today and get caught on users' > desktop PCs by mcafee there, which brought my attention to this problem. > Perhaps more troubling, as far as I can tell the sophos autoupdate is > working correctly and pulling IDEs to the correct place, but sophos > appears to have let this trojan get through anyway. > I'm sorry if any of this has been discussed recently. I did do some > searches in the archives and nothing recent came up. Ugh. I see that if I were using update_virus_scanners this wouldn't have happened since that script checks virus.scanners.conf and calls each autoupdate script with the ${PACKAGEDIR} it pulls out of the .conf file as a command-line argument. I guess that's what I get for being different. I suppose it is not recommended to use the individual autoupdate scripts, but is it necessarily wrong to do so? -Eric Rz. From brent.bolin at gmail.com Thu Sep 16 21:28:20 2004
From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:26:54 2006 Subject: Don't want to scan local person for unwanted spam Message-ID: Hi All, I have a local user that doesn't want his email scanned for spam. Do I just add something like this to /usr/local/etc/MailScanner/rules/spam.whitelist.rules To: user@someplace.com yes The someplace is our local domain. btb From dustin.baer at IHS.COM Thu Sep 16 21:59:15 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:54 2006 Subject: Don't want to scan local person for unwanted spam Message-ID: BB wrote: >Hi All, > >I have a local user that doesn't want his email scanned for spam. > >Do I just add something like this to >/usr/local/etc/MailScanner/rules/spam.whitelist.rules > >To: user@someplace.com yes > > Correct. You should include the default rule also: FromOrTo: default no Dustin p.s. Technically, if you don't want email scanned for spam, you would create a ruleset for "SpamChecks" and say "no" for user@someplace.com -- Dustin Baer Transport Extranet Network Services Information Handling Services 15 Inverness Way East Englewood, CO 80112 303-397-2836 From rvanwijn at XS4ALL.NL Thu Sep 16 22:48:40 2004
From: rvanwijn at XS4ALL.NL (Reinier van Wijngaarden) Date: Thu Jan 12 21:26:54 2006 Subject: Possible solution for the PDF gets corrupted issue Message-ID: I saw a lot of people here having trouble with some PDFs in conjunction with MS Outlook & MS Outlook Express which get corrupted. I had the same problem, but found a possible fix. I tried it and it worked perfectly. I had saved some original PDFs which get corrupted the moment I send them through MailScanner. They all worked fine now. The solution I found was in the FreeBSD corner: http://www.mail-archive.com/mimedefang@lists.roaringpenguin.com/msg05058.html I picked out the file: QuotedPrint.pm and copied it over the existing file in: /usr/lib/perl5/site_perl/5.6.1/MIME/Decoder/QuotedPrint.pm Of course then launch the command: service MailScanner restart And it worked perfectly. This is a piece out of the file with the code. BUT CAUTION ....in the next update of MailScanner the Mime-tools are being updated there is a chance that this will overwrite your newly installed QuotedPrint.pm. Good luck, hope this one works for you also !! Thanx goes to Martin Blapp ! --- lib/MIME/Decoder/QuotedPrint.pm.orig Tue Aug 31 17:02:43 2004 +++ lib/MIME/Decoder/QuotedPrint.pm Tue Aug 31 17:02:38 2004 
@@ -85,9 +85,37 @@ # sub decode_it { my ($self, $in, $out) = @_; + my $init = 0; + my $badpdf = 0; while (defined($_ = $in->getline)) { - $out->print(decode_qp($_)); + # + # Dirty hack to fix QP-Encoded PDFs from MS-Outlook. + # + # Check if we have a PDF file and if it has been encoded + # on Windows. Unix encoded files are fine. If we have + # one encoded CR after the PDF init string but are missing + # an encoded CR before the newline this means the PDF is broken. + # + if (!$init) { + $init = 1; + if ($_ =~ /^%PDF-[0-9\.]+=0D/ && $_ !~ /(?!=0D)\n$/) { + $badpdf = 1; + } + } + # + # Decode everything with decode_qp() except corrupted PDFs. + # + if ($badpdf) { + my $output = $_; + $output =~ s/[ \t]+?(\r?\n)/$1/g; + $output =~ s/=\r?\n//g; + $output =~ s/(^$|[^\r])\n\Z/$1\r\n/; + $output =~ s/=([\da-fA-F]{2})/pack("C", hex($1))/ge; + $out->print($output); + } else { + $out->print(decode_qp($_)); + } } 1; } ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From peter at UCGBOOK.COM Thu Sep 16 23:33:46 2004 
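Review bot: in the `if (!$init)` test of the decode_it hunk in the QuotedPrint.pm patch above, the second pattern `/(?!=0D)\n$/` uses a negative lookahead placed directly before `\n`, so it inspects the newline itself, can never see `=0D` there, and the pattern matches any line that ends in a newline. With the `!~` in front, that half of the condition appears to be false for every newline-terminated first line, which is not what the comment describes (an encoded CR after the PDF init string but none before the newline). If the comment states the intent, `$_ !~ /=0D\r?\n$/` expresses it directly. A test with one Windows-encoded and one Unix-encoded first line would confirm which inputs actually set `$badpdf`, and it is worth noting in the comment that the decision is taken once, on the first line only, and then applied to the whole part.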
From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:54 2006 Subject: Perl syslog problem with Solaris Message-ID: I'm setting up a new system to go along with a previous one. Both are Solaris 9 on Fire V210 servers. The difference is that the old one runs MS 4.32 and Perl 5.8.0 while the new one has MS 4.33 and Perl 5.8.5. So far I have only seen the problem with Clams update script that utilizes Sys::Syslog which produces nothing on the new system. Using the logger command works fine so the wrapper script logs that Clam is found but I get no logs from Clams own script about the result of the update. I ran it directly to get all output and got this: root@ajax[root]# date Thu Sep 16 17:22:41 CEST 2004 root@ajax[root]# /usr/local/bin/perl ./clamav-autoupdate unix dgram connect: Socket operation on non-socket at ./clamav-autoupdate line 53 no connection to syslog available at ./clamav-autoupdate line 53 root@ajax[root]# tail -1 /var/log/syslog Sep 16 17:20:59 ajax ClamAV-autoupdate[25059]: ClamAV did not need updating Note that nothing was written to the log (last line was from a previous test, see timestamp). I then changed the connection method from unix to udp in the script and it works: root@ajax[root]# date Thu Sep 16 17:23:44 CEST 2004 root@ajax[root]# /usr/local/bin/perl ./clamav-autoupdate root@ajax[root]# tail -1 /var/log/syslog Sep 16 17:23:47 ajax ClamAV-autoupdate[25076]: ClamAV did not need updating Now I get the log message and no error message. Nothing is messed with in /etc/syslog.conf and syslogd is not started with -t which has caused trouble for some others. Since the Clam script has not changed between 4.32 and 4.33 I have to assume something is different between Perl 5.8.0 and 5.8.5. I will investigate more tomorrow but would like some input from people. I know Solaris admins have posted here before complaining about syslogging but I didn't pay much attention to it since I never experienced any problems myself. Julian? 
Will I have to change this in more places for MS own logging to work? Could the default be changed to udp without breaking stuff for others? Could it be configurable if different systems need different settings? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rzewnickie at RFA.ORG Fri Sep 17 01:31:21 2004 
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:26:54 2006 Subject: mcafee autoupdate Message-ID: On Thu, Sep 16, 2004 at 04:21:19PM -0400, Eric Dantan Rzewnicki wrote: > On Thu, Sep 16, 2004 at 04:05:22PM -0400, Eric Dantan Rzewnicki wrote: > > I recently updated from MailScanner 4.28.6 to 4.33.3. In > > /opt/MailScanner/lib/mcafee-autoupdate PREFIX is set to /opt/uvscan. Is > > this new, or did I simply forget I needed to change this when upgrading? > I guess that's what I get for being different. > I suppose it is not recommended to use the individual autoupdate > scripts, but is it necessarily wrong to do so? In case anyone else has had or has in the future issues similar to this, below is my changelog entry for what I did to get my stuff up to snuff. Any comments or suggestions are welcome. Running update_virus_scanners 3x/hour seems excessive to me personally, but frequent checks were requested by management. -Eric Rz. 2004-0916-1909 EDT rzewnickie@rfa.org updated sophos engine to SophosSAVI 3.85 / engine 2.22 (from 3.82/2.20) got linux.intel.libc6.glibc.2.2.tar.Z from http://www.sophos.com/support/updates/ unpacked in scotty:/tmp/ stopped MailScanner edited: /opt/MailScanner/bin/Sophos.install.linux SCRIPTS=/opt/MailScanner/lib cd /tmp/sav-install ran /opt/MailScanner/bin/Sophos.install.linux restarted MailScanner Changed to using supplied scripts in /opt/MailScanner/bin/cron/ instead of calling check_MailScanner and individual virus scanner autoupdate scripts directly. These new wrapper scripts have better error handling, lock checking and logging. They are now the recommended way to automate these tasks for MailScanner, but were not available when we initially installed last year. The scripts they call are maintained with the assumption that they will be called from these .cron scripts rather than individually. Using the .cron scripts should avoid the problem we had with the mcafee DATs updating into the wrong directory. 
Additionally, the update_virus_scanners.cron script includes a randomized delay so that various MailScanner installations are unlikely to all hit the virus vendor's sites at the same time. Since both sophos and mcafee will be checked every time this is run, we now run this 3 times per hour. Previously we checked each 2 times per hour, alternating so that we checked one or the other every 15 minutes.

crontab -e:
# check_mailscanner starts mailscanner or restarts it if it fails
# for some reason
@reboot /opt/MailScanner/bin/cron/check_MailScanner.cron >/dev/null 2>&1
*/20 * * * * /opt/MailScanner/bin/cron/check_MailScanner.cron >/dev/null 2>&1
# check for new virus scanner DATs (mcafee) or IDEs (sophos)
*/20 * * * * /opt/MailScanner/bin/cron/update_virus_scanners.cron >/dev/null 2>&1

2004-0916-1554 EDT rzewnickie@rfa.org
edited /opt/MailScanner/lib/mcafee-autoupdate
PREFIX=/usr/local/uvscan
this is the script that updates mcafee dats. It is run via cron. It was working and pulling the dats, but putting them in the wrong directory. This variable was set to /opt/uvscan in mailscanner 4.33.3. I don't know why this was done, but I will ask on the mailscanner list. The latest dat is in place and in use now.

From mailscanner at ecs.soton.ac.uk Fri Sep 17 08:40:19 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:54 2006 Subject: mcafee autoupdate Message-ID: At 21:21 16/09/2004, you wrote: >Ugh. I see that if I were using update_virus_scanners this wouldn't have >happened since that script checks virus.scanners.conf and calls each >autoupdate script with the ${PACKAGEDIR} it pulls out of the .conf file >as a command-line argument. > >I guess that's what I get for being different. > >I suppose it is not recommended to use the individual autoupdate >scripts, but is it necessarily wrong to do so? The recommended route is update_virus_scanners as that will do it correctly. You are welcome to call the individual scripts directly if you want to (I can't stop you), but if I need to change the command-line arguments in the future for some reason, you are inviting trouble. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Fri Sep 17 08:41:42 2004
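The failure discussed in the "mcafee autoupdate" thread above (an autoupdate script whose built-in PREFIX differs from the directory the scanner runs from, so the scanner keeps using old DATs) can be checked for mechanically. This is an added example, not part of any message in the archive or of MailScanner itself; it assumes virus.scanners.conf holds three whitespace-separated columns (scanner, wrapper, install directory) and that the autoupdate script sets a plain `PREFIX=/path` line. The function names and the fixture are constructed here.

```shell
#!/bin/sh
# Audit one virus scanner's update path: does the autoupdate script's default
# PREFIX match the install dir in virus.scanners.conf, and are the .dat files
# in that dir recent? All sample data below is constructed for illustration.

# conf_dir CONF SCANNER -> install dir (3rd column) listed for SCANNER.
# Assumed layout: "<scanner> <wrapper> <install dir>", '#' starts a comment.
conf_dir() {
    awk -v s="$2" '$1 == s { print $3; exit }' "$1"
}

# script_prefix SCRIPT -> value of the first plain PREFIX=... assignment.
script_prefix() {
    sed -n 's/^[[:space:]]*PREFIX=//p' "$1" | head -n 1 \
        | tr -d "\"'" | sed 's/[[:space:]].*$//'
}

# has_fresh_dat DIR DAYS -> success if a *.dat under DIR changed within DAYS days.
has_fresh_dat() {
    [ -n "$(find "$1" -type f -name '*.dat' -mtime -"$2" 2>/dev/null | head -n 1)" ]
}

# check_scanner CONF SCANNER SCRIPT DAYS
# Returns 0 = ok, 1 = PREFIX mismatch, 2 = scanner not in conf, 3 = stale DATs.
check_scanner() {
    want=$(conf_dir "$1" "$2")
    have=$(script_prefix "$3")
    if [ -z "$want" ]; then
        echo "UNKNOWN: $2 is not listed in $1"; return 2
    fi
    if [ -n "$have" ] && [ "$have" != "$want" ]; then
        echo "MISMATCH: $3 defaults to $have, scanner runs from $want"; return 1
    fi
    if ! has_fresh_dat "$want" "$4"; then
        echo "STALE: no .dat newer than $4 days in $want"; return 3
    fi
    echo "OK: $2 definitions in $want are current"; return 0
}

# make_sample -> prints the path of a temp tree holding a constructed conf file,
# a script with the PREFIX from the thread, a corrected copy, and one old DAT.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/uvscan"
    printf '%s\n' \
        "# scanner  wrapper  install dir   (constructed sample)" \
        "mcafee /opt/MailScanner/lib/mcafee-wrapper $root/usr/local/uvscan" \
        > "$root/virus.scanners.conf"
    printf '%s\n' '#!/bin/sh' 'PREFIX=/opt/uvscan' > "$root/mcafee-autoupdate"
    printf '%s\n' '#!/bin/sh' "PREFIX=$root/usr/local/uvscan" \
        > "$root/mcafee-autoupdate.fixed"
    touch -t 200409010000 "$root/usr/local/uvscan/scan.dat"   # deliberately old
    echo "$root"
}

# demo: walk through the three states seen in the thread.
demo() {
    d=$(make_sample) || return 0
    check_scanner "$d/virus.scanners.conf" mcafee "$d/mcafee-autoupdate" 2
    check_scanner "$d/virus.scanners.conf" mcafee "$d/mcafee-autoupdate.fixed" 2
    touch "$d/usr/local/uvscan/scan.dat"    # simulate a successful update
    check_scanner "$d/virus.scanners.conf" mcafee "$d/mcafee-autoupdate.fixed" 2
    rm -rf "$d"
    return 0
}

demo
```

Run from cron alongside the update job, a non-zero return from `check_scanner` is the signal that was missing in the thread, where the first sign of trouble was desktop scanners catching what the gateway let through.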
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:54 2006 Subject: Possible solution for the PDF gets corrupted issue Message-ID: The new version of MIME-tools has this all built in. You don't need to patch anything. I have been working on this with Martin and a couple of other folks for the past few weeks. At 22:48 16/09/2004, you wrote: >I picked out the file: QuotedPrint.pm and copied it over the existing file >in: >/usr/lib/perl5/site_perl/5.6.1/MIME/Decoder/QuotedPrint.pm >Of course then launch the command: service MailScanner restart >And it worked perfectly. This is a piece out of the file with the code. > >BUT CAUTION ....in the next update of MailScanner the Mime-tools are being >updated there is a chance that this will overwrite your newly installed >QuotedPrint.pm. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at ecs.soton.ac.uk Fri Sep 17 08:42:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:54 2006 Subject: Perl syslog problem with Solaris Message-ID: Have you told the new machine's syslogd to listen on a port? In Solaris, by default, it doesn't. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ricardo.canavate at nozar.es Fri Sep 17 10:03:11 2004 
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate) Date: Thu Jan 12 21:26:54 2006 Subject: Signing Rules Message-ID: Hi; I have one rule to sign all the messages processed from *@mydomain to all the world. When I reply, the message is signed again. Could I do something to delete it or not sign a message which was previously signed? Thanks. Ricardo Luis Cañavate García IT Dept. NOZAR Grupo Inmobiliario Tel: 91 758 96 30 | Fax: 91 559 85 82 www.nozar.es ========================================================================= You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know. This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. 
======================================================================= From prandal at HEREFORDSHIRE.GOV.UK Fri Sep 17 10:17:14 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:26:54 2006 Subject: Mcafee license question Message-ID: J wrote: > Thanks for the reply, > > > Well we don't have any mcafee licenses, products and or agreements,.. > Sorry if my post was a bit misleading. > I was just wondering if it's legally possible to use their > linux command line scanner, and if so, which kind of > licensing they will use, per domain, per server or per user,.... > > For example i got an answer from Panda AV telling me that if > i wanted to use the panda commandline scanner in mailscanner, > i had to buy a +- 9.50€ license per user. > > Thanks A quick look through our virus alerts shows that the only thing McAfee's picking up as malware which Bitdefender and ClamAV aren't is a phishing scam email, but spamassassin is getting that anyway, so you're not losing much from not having it. Until McAfee wakes up and starts releasing daily production DAT files they are not of much use anyhow. Too little, too late syndrome. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK From David.While at UCE.AC.UK Fri Sep 17 10:17:48 2004 
From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:26:54 2006 Subject: RIP act Message-ID: This is really for UK people: What are people's thoughts about the use of quarantining messages which then need to be manually viewed by someone other than the intended recipient? Is this legal under the RIP act? -------------------------------------------- David While BSc CEng MBCS CITP Technical Development Manager School of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- From prandal at HEREFORDSHIRE.GOV.UK Fri Sep 17 10:34:25 2004 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:26:54 2006 Subject: RIP act Message-ID: MailScanner mailing list wrote: > This is really for UK people: > > What are people's thoughts about the use of quarantining > messages which then need to be manually viewed by someone > other than the intended recipient? > > Is this legal under the RIP act? Given the asinine laws we have these days, probably not, unless you're a member of the SS (Security Services, but sometimes I wonder) or police. Bad laws make good people criminals. Sighs... Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK From martinh at SOLID-STATE-LOGIC.COM Fri Sep 17 10:41:43 2004 
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:54 2006 Subject: RIP act Message-ID: David Depends on what the email policy says, and if this is signed up by the user. An actual bit of paper with their signature helps. We have this in the standard staff handbook which everyone signs up on working here. If you've got a clause about monitoring for compliance/abuse purposes for email/internet/telephone/fax then you'll be OK. *But* given that RIP and the Human Rights Acts contradict each other, it's all a bit grey until this is clarified by a judge in a court case (ie the current laws are interpreted). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David While wrote: > This is really for UK people: > > What are people's thoughts about the use of quarantining messages which > then need to be manually viewed by someone other than the intended > recipient? > > Is this legal under the RIP act? > > -------------------------------------------- > David While BSc CEng MBCS CITP > Technical Development Manager > School of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. 
********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Fri Sep 17 10:59:25 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:54 2006 Subject: RIP act Message-ID: At 10:17 17/09/2004, you wrote: >This is really for UK people: > >What are people's thoughts about the use of quaratining messages which >then need to be manually viewed by someone other than the intended >recipient? The best source of information for all of this in the UK is http://www.jisclegal.ac.uk/publicationspage.htm It is written primarily for educational institutions, but it is all very good reading. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From howard at HARPER-ADAMS.AC.UK Fri Sep 17 11:12:29 2004 
From: howard at HARPER-ADAMS.AC.UK (Howard Robinson)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

Dear all,
My Mailscanner box is struggling and is getting up to its sell by
date - it's only a matter of time before it fails.
It looks like I may be able to get hold of a new Dell poweredge
2850 with 1 Xeon 3.2 GHz processor, 4gb ram, 5x36gb SCSI disks
and red hat enterprise advanced server V3 (with s/w support).
I intend to run latest versions of MailScanner, sendmail, sophos,
Spamassassin & spam cop - possibly a second virus scanner.

Is the version of red hat mentioned the best bet for this or should I
stick with v9? Dell don't mention SUSE as supported.

Also if I go ahead should I raid 5 all the disks or do what I have with
some MS2000 boxes and raid 0 two disks for the 'system' and raid 5
three disks for the data? The disk space is not critical as currently
the mailscanner box has a single 20gb disk and 512mb Ram.

I'm excited but is what I plan to do sound?

Regards

Howard Robinson
(Senior Technical Development Officer)
Harper Adams University College
Edgmond
Newport
Shropshire
TF10 8NB UK

E-mail: hrobinson@harper-adams.ac.uk
Tel.  : +44(0)1952 820280 Via switchboard
      : +44(0)1952 815253 Direct line
Fax.  : +44(0)1952 814783
College Web site http://www.harper-adams.ac.uk

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 17 11:13:27 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:54 2006
Subject: RIP act
Message-ID:

Prob this one then..

http://www.jisclegal.ac.uk/pdfs/eMonitoring_FE.pdf

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Julian Field wrote:
> At 10:17 17/09/2004, you wrote:
>
>> This is really for UK people:
>>
>> What are people's thoughts about the use of quarantining messages which
>> then need to be manually viewed by someone other than the intended
>> recipient?
>
>
> The best source of information for all of this in the UK is
> http://www.jisclegal.ac.uk/publicationspage.htm
>
> It is written primarily for educational institutions, but it is all very
> good reading.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dh at UPTIME.AT Fri Sep 17 11:21:57 2004
From: dh at UPTIME.AT (David HXhn)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

Howard Robinson wrote:
| Dear all,
| My Mailscanner box is struggling and is getting up to its sell by
| date - it's only a matter of time before it fails.
| It looks like I may be able to get hold of a new Dell poweredge
| 2850 with 1 Xeon 3.2 GHz processor, 4gb ram, 5x36gb SCSI disks

Personally I would go with IBM xSeries :)

|
| Also if I go ahead should I raid 5 all the disks or do what I have with
| some MS2000 boxes and raid 0 two disks for the 'system' and raid 5
| three disks for the data? The disk space is not critical as currently
| the mailscanner box has a single 20gb disk and 512mb Ram.
|

RAID 5 is not a good choice for a MailServer. There are very long
discussions on that topic in the respective Usenet groups so I will spare
you the details. The breakdown is that you will have around 50% writes
with a mailserver and RAID 5 scales up well to about 20% writes versus
reads.
Personally I would run a Mailserver using Raid1+0 but that is very
expensive as you will need an enormous amount of disks and a very good
RAID Controller.
RAID 1 is a good choice. A good RAID controller will compensate for the
technical shortcomings and the security level is extremely high :)

-d
|

--
nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega
itakutemo soba ni iru no ~ zutto...zutto...zutto

From prandal at HEREFORDSHIRE.GOV.UK Fri Sep 17 11:23:25 2004
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

MailScanner mailing list wrote:
> Dear all,
> My Mailscanner box is struggling and is getting up to its sell
> by date - it's only a matter of time before it fails.
> It looks like I may be able to get hold of a new Dell
> poweredge 2850 with 1 Xeon 3.2 GHz processor, 4gb ram, 5x36gb
> SCSI disks and red hat enterprise advanced server V3 (with
> s/w support).
> I intend to run latest versions of MailScanner, sendmail,
> sophos, Spamassassin & spam cop - possibly a second virus scanner.
>
> Is the version of red hat mentioned the best bet for this or
> should I stick with v9? Dell don't mention SUSE as supported.
>
> Also if I go ahead should I raid 5 all the disks or do what I
> have with some MS2000 boxes and raid 0 two disks for the
> 'system' and raid 5 three disks for the data? The disk space
> is not critical as currently the mailscanner box has a single 20gb
> disk and 512mb Ram.
>
> I'm excited but is what I plan to do sound?
>
> Regards
>
> Howard Robinson
> (Senior Technical Development Officer)
> Harper Adams University College
> Edgmond
> Newport
> Shropshire
> TF10 8NB UK

Redhat Enterprise 3 should be fine. We're happily running Fedora Core 1
on a Dell 2650 here.

I'd be tempted to do hardware RAID-5 for everything. But see the MAQ
(http://www.mailscanner.biz/maq/#optimize) for MailScanner optimisation
tips.

I'd run ClamAV and Bitdefender for Linux as well.

We're handling over 10,000 emails a day on a lower spec'd box without any
problems.

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From mailscanner at ecs.soton.ac.uk Fri Sep 17 11:30:18 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

At 11:23 17/09/2004, you wrote:
>MailScanner mailing list wrote:
> > Dear all,
> > My Mailscanner box is struggling and is getting up to its sell
> > by date - it's only a matter of time before it fails.
> > It looks like I may be able to get hold of a new Dell
> > poweredge 2850 with 1 Xeon 3.2 GHz processor, 4gb ram, 5x36gb
> > SCSI disks and red hat enterprise advanced server V3 (with
> > s/w support).
> > I intend to run latest versions of MailScanner, sendmail,
> > sophos, Spamassassin & spam cop - possibly a second virus scanner.
> >
> > Is the version of red hat mentioned the best bet for this or
> > should I stick with v9? Dell don't mention SUSE as supported.

Seeing as you can get RedHat V3 for $50, I would definitely recommend it.
You don't get phone support for $50 but you get everything else. RedHat
call it their "Academic Server" but it's the same product as the
enterprise server.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 17 11:31:29 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

Howard

this is a little OT, but what extra rules are you running on the SA? If
you are running big/midevil this is probably where the performance has
gone. Setup surbl.org and the spamcop_uri plugin and you'll get the
performance back.

I also reject any unknown users at the MTA so I don't get DDOS'ed by all
the spam/virus engines using old or non-existent addresses to try and
sell/infect me their stuff.

back on topic

You don't mention how many messages you need to process...

Also why the RAID/lots of disks. For me I'd run a couple of boxes with
*maybe* a single RAID 1 set. Then you can load balance them by using the
same value MX record. That way if one box dies, you've still got the
other one, and more protection and a fancy RAID setup

Unless of course this machine merely falls into your lap as it's a
spare:-) In which case running a RAID 5 setup with 3 disks doesn't give
brilliant I/O performance, even with hardware RAID help.

BUT if you can live with a 3 disk RAID 5 then I'd RAID1 the system disks
as if you RAID 0 then you are effectively halving the MTBF rather than
adding any protection.

Just my 2pence worth..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Howard Robinson wrote:
> Dear all,
> My Mailscanner box is struggling and is getting up to its sell by
> date - it's only a matter of time before it fails.
> It looks like I may be able to get hold of a new Dell poweredge
> 2850 with 1 Xeon 3.2 GHz processor, 4gb ram, 5x36gb SCSI disks
> and red hat enterprise advanced server V3 (with s/w support).
> I intend to run latest versions of MailScanner, sendmail, sophos,
> Spamassassin & spam cop - possibly a second virus scanner.
>
> Is the version of red hat mentioned the best bet for this or should I
> stick with v9? Dell don't mention SUSE as supported.
>
> Also if I go ahead should I raid 5 all the disks or do what I have with
> some MS2000 boxes and raid 0 two disks for the 'system' and raid 5
> three disks for the data? The disk space is not critical as currently
> the mailscanner box has a single 20gb disk and 512mb Ram.
>
> I'm excited but is what I plan to do sound?
>
> Regards
>
> Howard Robinson
> (Senior Technical Development Officer)
> Harper Adams University College
> Edgmond
> Newport
> Shropshire
> TF10 8NB UK
>
> E-mail: hrobinson@harper-adams.ac.uk
> Tel.  : +44(0)1952 820280 Via switchboard
>       : +44(0)1952 815253 Direct line
> Fax.  : +44(0)1952 814783
> College Web site http://www.harper-adams.ac.uk

From sylvain.phaneuf at IMSU.OXFORD.AC.UK Fri Sep 17 11:54:36 2004
From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf)
Date: Thu Jan 12 21:26:54 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

Has someone answered that question yet? I had a look at the archives and
can't find it.

What's the difference between install.sh and install.tar-fns.sh ?

Thanks in advance

Sylvain

>>> rzewnickie@RFA.ORG 08/09/2004 22:42:31 >>>
On Wed, Sep 08, 2004 at 10:35:50PM +0100, Julian Field wrote:
> At 21:14 08/09/2004, you wrote:
> >what's the difference between:
> >install.rpm-fns.sh and INSTALL-rpm.sh
> INSTALL-rpm.sh is designed for RPM-based installations and consists solely
> of RPM packages.
> >install.tar-fns.sh and INSTALL-tar.sh
> INSTALL-tar.sh is designed for non-RPM systems and builds everything from
> source, not using RPMs at all.

but, I think the OP was asking what's the difference between the -fns
versions and the others.

-Eric Rz.

From michele at BLACKNIGHTSOLUTIONS.COM Fri Sep 17 11:58:21 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:54 2006
Subject: New server spec.
Message-ID:

> Seeing as you can get RedHat V3 for $50, I would definitely recommend
> it. You don't get phone support for $50 but you get everything
> else. RedHat call it their "Academic Server" but it's the
> same product as the enterprise server.

Or go with Whitebox, Tao or Centos
They'll cost you even less :)

The thing to watch out for is RAID cards. If they are very new you may
run into problems

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at ecs.soton.ac.uk Fri Sep 17 12:09:01 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

The install.tar-fns.sh and install.rpm-fns.sh files are the library of
functions that the main install scripts use. Don't run them.

At 11:54 17/09/2004, you wrote:
>Has someone answered that question yet? I had a look at the archives and
>can't find it.
>
>What's the difference between install.sh and install.tar-fns.sh ?
>
> >>> rzewnickie@RFA.ORG 08/09/2004 22:42:31 >>>
>On Wed, Sep 08, 2004 at 10:35:50PM +0100, Julian Field wrote:
> > At 21:14 08/09/2004, you wrote:
> > >what's the difference between:
> > >install.rpm-fns.sh and INSTALL-rpm.sh
> > INSTALL-rpm.sh is designed for RPM-based installations and consists
>solely
> > of RPM packages.
> > >install.tar-fns.sh and INSTALL-tar.sh
> > INSTALL-tar.sh is designed for non-RPM systems and builds everything
>from
> > source, not using RPMs at all.
>
>but, I think the OP was asking what's the difference between the -fns
>versions and the others.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From faraz.khan at inboxbiz.com Fri Sep 17 12:23:04 2004
From: faraz.khan at inboxbiz.com (Faraz Khan)
Date: Thu Jan 12 21:26:54 2006
Subject: Possible solution for the PDF gets corrupted issue
Message-ID:

Julian when do you think the new MIME-tools would be available for
download? I'm anxious- I really like my end signature :(

thanks!

On Fri 17/09/'04 12:41 pm, Julian Field wrote:
> The new version of MIME-tools has this all built in. You don't need to
> patch anything.
> I have been working on this with Martin and a couple of other folks for the
> past few weeks.
>
> At 22:48 16/09/2004, you wrote:
> >I picked out the file: QuotedPrint.pm and copied it over the existing file
> >in:
> >/usr/lib/perl5/site_perl/5.6.1/MIME/Decoder/QuotedPrint.pm
> >of course then launch the command: service MailScanner restart
> >And it worked perfectly. This is a piece out of the file with the code.
> >
> >BUT CAUTION ....in the next update of MailScanner the Mime-tools are being
> >updated there is a chance that this will overwrite your newly installed
> >QuotedPrint.pm.
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Faraz Khan
Business Development Manager
Enterprise Solutions
Inbox Business Technologies (Pvt.) Ltd.
111-551-551
faraz.khan@inboxbiz.com

From mkehler at WRHA.MB.CA Fri Sep 17 13:44:18 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:54 2006
Subject: RBL checks not being done?
Message-ID:

>>> rich@MAIL.WVNET.EDU 09/16/04 10:31AM >>>
Matt Kehler wrote:

>>>>mailscanner@ECS.SOTON.AC.UK 09/16/04 09:15AM >>>
>>>>
>>>>
>At 14:26 16/09/2004, you wrote:
>
>
>>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>>server's maillog never shows anything pertaining to RBL whatsoever.
>>Everything else seems to work fine.
>>
>>
>

Fixed? Maybe...

Either way, I think I'm on the right path. I tried to put the RBL
directly into sendmail to ensure that it was working there..it wasn't.
No errors, just couldn't even see it trying. Huh? So I took a closer
look at my sendmail.mc file...

I ended up taking OUT the below line, and now RBL checking works from
within sendmail. But I still don't see MailScanner trying to do RBL's.
Or will it only display a RBL line from within the MailScanner logging if
it was *rejected*? In that case, it's most likely fixed; I'll just take
the RBL out of sendmail.mc and rebuild/restart. Hopefully then I'll see
MS start doing the checks.

## took this out!!! Other DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Matt

This email and/or any documents in this transmission is intended for the
addressee(s) only and may contain legally privileged or confidential
information. Any unauthorized use, disclosure, distribution, copying or
dissemination is strictly prohibited. If you receive this transmission in
error, please notify the sender immediately and return the original.

From mailscanner at ecs.soton.ac.uk Fri Sep 17 14:16:18 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: Possible solution for the PDF gets corrupted issue
Message-ID:

They are already. You need to install the latest beta of MailScanner.

At 12:23 17/09/2004, you wrote:
>Julian when do you think the new MIME-tools would be available for download?
>I'm anxious- I really like my end signature :(
>
>thanks!
>On Fri 17/09/'04 12:41 pm, Julian Field wrote:
> > The new version of MIME-tools has this all built in. You don't need to
> > patch anything.
> > I have been working on this with Martin and a couple of other folks for the
> > past few weeks.
> >
> > At 22:48 16/09/2004, you wrote:
> > >I picked out the file: QuotedPrint.pm and copied it over the existing file
> > >in:
> > >/usr/lib/perl5/site_perl/5.6.1/MIME/Decoder/QuotedPrint.pm
> > >of course then launch the command: service MailScanner restart
> > >And it worked perfectly. This is a piece out of the file with the code.
> > >
> > >BUT CAUTION ....in the next update of MailScanner the Mime-tools are being
> > >updated there is a chance that this will overwrite your newly installed
> > >QuotedPrint.pm.
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>--
>Faraz Khan
>Business Development Manager
>Enterprise Solutions
>Inbox Business Technologies (Pvt.) Ltd.
>111-551-551
>faraz.khan@inboxbiz.com

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Fri Sep 17 15:03:50 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:54 2006
Subject: Fwd: Serious Privilege Escalation Vulnerability in McAfee VirusScan (fwd)
Message-ID:

McAfee: gun in pocket. BANG! Ouch! There goes the other foot....

>An error in the programming for McAfee VirusScan can provide privilege
>escalation for normal users logged in interactively to a workstation.
>
>It has been initially tested on McAfee VirusScan version 4.5.1 running on
>Windows 2000 Professional and Windows XP Professional.
>
>You can exploit the vulnerability very easily!
>
>The problem specifically exists because SYSTEM privileges are not
>dropped when accessing the "System Scan" properties from the System
>Tray applet. The vulnerability can be exploited by right-clicking the
>System Tray icon, choosing "Properties", selecting "System Scan",
>then, from the "Report" tab, selecting "Browse...". The opened file
>selected can be abused by navigating to C:\WINDOWS\SYSTEM32\,
>right-clicking cmd.exe, then selecting "Open"; doing so spawns a
>command shell with SYSTEM privileges.
>
>Also it is reported the same problems can occur in version 7.1.0 and 8.0.0
>but I have yet to test these fully in a locked down environment.
>
>So far I have established you can do portbinds but not run a command
>prompt.
>
>Do a new task, for example "Update" and choose a program to run after
>the task, set this task to run with a schedule, after this task is done
>the chosen program is running with SYSTEM privileges.
>
>Quite a serious hole for the machines running on campus with local access
>restrictions. You need to be able to create a new task though, so limited
>access via passwords could be possible!
>
>This is not remotely exploitable.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From massctrl at SKYNET.BE Fri Sep 17 15:30:33 2004
From: massctrl at SKYNET.BE (J)
Date: Thu Jan 12 21:26:54 2006
Subject: Which hardware do you use?
Message-ID:

Hi all,

Are there some people who want to share the specs of their hardware
running MS and what quantities of mail they are processing?

Thanks in advance

J

From martinh at SOLID-STATE-LOGIC.COM Fri Sep 17 17:35:35 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:54 2006
Subject: Which hardware do you use?
Message-ID:

From the MAQ

http://www.mailscanner.biz/maq/#examples

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

J wrote:
> Hi all,
>
> Are there some people who want to share the specs of their hardware running
> MS and what quantities of mail they are processing?
>
> Thanks in advance
>
> J

From tonioli at gmail.com Fri Sep 17 18:14:14 2004
From: tonioli at gmail.com (Felipe Tonioli)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use?
Message-ID:

taking a ride on that... i run mine in a P III 500 with 256 of ram...

if i stop mailscanner for a while and start again what causes a
"flood" of 20 messages (well, that stop and restart time means about 1
hour) i get a lot of spamassassin time outs... that time out occurs in
other cases too.

in the normal operations, everything works fine.

what do i need to upgrade? ram? processor? i'm running mysql to catch the
logs too in the same machine.

On Fri, 17 Sep 2004 17:35:35 +0100, Martin Hepworth wrote:
> From the MAQ
>
> http://www.mailscanner.biz/maq/#examples
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> J wrote:
> > Hi all,
> >
> > Are there some people who want to share the specs of their hardware running
> > MS and what quantities of mail they are processing?
> >
> > Thanks in advance
> >
> > J

--
Felipe Tonioli

From rob at THEHOSTMASTERS.COM Fri Sep 17 18:16:40 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:55 2006
Subject: Damm mortage and software spam
Message-ID:

Ok I added all those rules....
Let see what happens now.... :)

Rob....

----- Original Message -----
From: "Robin, Rob"
To:
Sent: Friday, September 17, 2004 10:42 AM
Subject: Re: Damm mortage and software spam

> Rob,
>
> It's there: http://www.rulesemporium.com/rules.htm
> There should be rules for OEM software over there. Read the
> description.
>
> I first tested it by downloading all the rules (except the
> bigevil). Some of them are overly aggressive. Sending an attachment using
> IncrediMail will make it spam. (some of our customers like using
> IncrediMail, their html and stuff can't be flagged as spam in my
> scenario).
>
> I have narrowed it down to using:
> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
> GetRules "http://www.emtinc.net/includes/backhair.cf";
> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
> GetRules "http://www.emtinc.net/includes/weeds.cf";
>
>
> Thanks,
> ------------------------
> Rob Robin
> Network Analyst
> Green Apple, Inc.
> 740-653-9890
> rrobin@greenapple.com
> www.greenapple.com
> Internet access, hosting and development solutions since 1995.
>
>
> -----Original Message-----
> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
> Sent: Wednesday, September 15, 2004 10:43 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Damm mortage and software spam
>
>
> I do not see these rules on www.rulesemporium.com where are they?
>
> And after I added rules from www.rulesemporium.com I still get these
> irritating emails with subject "your meeting on"
>
> and it has just a graphic and a remove link
>
> URGH!
>
> Rob....
>
>
> ----- Original Message -----
> From: "Steve Mason"
> To:
> Sent: Wednesday, September 15, 2004 9:49 AM
> Subject: Re: Damm mortage and software spam
>
>
>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>> software messages.
>> I haven't seen any mortgage messages yet...
>>
>> Steve
>>
>>>I keep getting spam from mortgage and software sales.....
>>>Anyone have a tip for not letting these guys through?
>>>I can send headers, but last 2 times I did my email never got through to
>>>the list, I guess cuz the mail server thought it was spam..
>>
>>>Rob....

From jrudd at UCSC.EDU Fri Sep 17 18:20:14 2004
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use?
Message-ID:

On Sep 17, 2004, at 7:30 AM, J wrote:

> Are there some people who want to share the specs of their hardware
> running MS and what quantities of mail they are processing?

4 solaris 8 boxes:

2 sunblade 150's with 1.5 gigs of ram, arranged with pairs of disks
being mirrored in disk suite.

2 sunfire v150's with 1.5 gigs of ram, arranged with pairs of disks
being mirrored in disk suite.

They're all behind a cisco content switch, but we used to do DNS round
robin for them.

We scan around 200k-300k messages per day, sometimes a little less,
sometimes a little more.

In the near future we expect to upgrade these machines. I've asked for
4 sunfire v220's (with more ram, dual processors, faster processors,
etc. ... and probably still all mirrored in disk suite, but probably
moving the mailscanner directories off to our BlueArc file server, which
is blindingly fast).

The other thing we plan to do in the future to impact our capacity is
that we're contemplating adding the SBL and XBL to sendmail (blocking
those messages at SMTP time instead of just marking in spamassassin),
and adding in the greet_delay as well. That'll reduce the amount of
traffic that gets through to mailscanner's queues, reducing that latency.

From krausem at gmail.com Fri Sep 17 18:41:53 2004
From: krausem at gmail.com (Matt Krause)
Date: Thu Jan 12 21:26:55 2006
Subject: Blacklist and entire server
Message-ID:

What is the easiest way to blacklist an entire server? Thanks.

--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

From greg at BLASTZONE.COM Fri Sep 17 18:44:54 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

A little background. To be upfront, I'm a novice user with MailScanner
and all things Linux, so be warned (please be gentle). I've been a
windows administrator and developer for close to 10 years, working
onsite at MS. I've recently made the jump to using open source/Linux in
my side business hosting domains, email and web apps on a set of windows
servers sitting in a local datacenter. The first thing I'm putting into
production is a MailScanner setup.

The machine is a P3 933mhz, 386Meg ram running Fedora2, Postfix,
Mailscanner, Spamassassin, ClamAV, Razor, MTRG. When the machine is
dropped in the datacenter it'll be in front of an Imail server currently
hosting about 80 domains and 500 email addresses. The volume is light
to moderate. It'll start by doing virus scans on all email, and spam
filtering for only a few domains.

For the last week I've been running the machine in my home on a cable
connection, filtering email for a personal domain. I'm doing that
mainly to get comfortable with running it, trying out different
settings, etc. If something breaks, it only affects me for the moment.

So far, everything has been going surprisingly well, I should have tuned
out the anti-open source propaganda much sooner! There are 2 minor
issues I can't seem to find a solution for by searching the faqs,
archives, google, etc. I also have a nagging question about postfix and
MS, below.

First, MTRG. I just installed MTRG and the MailScanner - MTRG package
last night and it seems to be working partially. You can see the output
at http://greg.blastzone.com for now. Some graphs have output, others
don't. For example, the 'Mail Relayed Daily Graph' isn't showing any
mail, but there is mail going through. Other graphs are correctly
showing the spam and virii being filtered. Can anyone point me in the
direction of some troubleshooting info for the MailScanner MTRG stuff,
or is there any info I can provide to answer questions on what might be
broken?

The other issue is Bayes filtering in spam assassin. I've run about
1200 ham and 1700 spam messages through sa-learn, and when I run
'spamassassin -D -lint' it says the bayes database is there and happy.
However, in /var/log/maillog where I have spam logging through
mailscanner turned on to full so I see all the spamassassin rules that
trigger, I don't see any bayes rules ever hit. I see other things,
including Razor rules in SA after installing razor last night, but still
no bayes stuff. I've gone through all the faqs on checking if
spamassassin is working, its bayes stuff, etc, but can't seem to get it
to work. From the command line everything appears like the bayes
filtering is ok, but it never seems to hit through mailscanner.

My nagging question is about using postfix and mailscanner. I've seen
the posts on forums from the postfix people saying mailscanner is bad,
DON'T use it with postfix, etc. I've also seen responses from
MailScanner people saying that was only the case in earlier versions, it
works fine now, no problems, etc. Can anyone give me a final word on
that issue? Is it ok? I'm comfortable with postfix and would like to
stick with that, but if it's not stable I'll get up to speed on sendmail
and make the switch.

Thank you for your patience with this recent Linux convert, and any help
you can provide.

Greg Deputy

From michele at BLACKNIGHTSOLUTIONS.COM Fri Sep 17 18:46:35 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:55 2006
Subject: Blacklist and entire server
Message-ID:

On Fri, 2004-09-17 at 10:41 -0700, Matt Krause wrote:
> What is the easiest way to blacklist an entire server? Thanks.

Blacklist the IP and hostname, but if it has multiple IPs you would need
to know them
It's probably easier to do it via iptables rather than letting it even
get to the MTA or MS

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From michele at BLACKNIGHTSOLUTIONS.COM Fri Sep 17 18:48:28 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon : Blacknight Solutions)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use?
Message-ID:

On Fri, 2004-09-17 at 14:14 -0300, Felipe Tonioli wrote:
> taking a ride on that... i run mine in a P III 500 with 256 of ram...
>
> if i stop mailscanner for a while and start again what causes a
> "flood" of 20 messages (well, that stop and restart time means about 1
> hour) i get a lot of spamassassin time outs... that time out occurs in
> other cases too.
>
> in the normal operations, everything works fine.
>
> what do i need to upgrade? ram? processor? i'm running mysql to catch the
> logs too in the same machine.
>

Have you had a look at some of the optimisation tips in the MAQ?

--
Mr Michele Neylon
Blacknight Solutions
http://www.blacknight.ie
059 9137101

From krausem at gmail.com Fri Sep 17 18:52:42 2004
From: krausem at gmail.com (Matt Krause)
Date: Thu Jan 12 21:26:55 2006
Subject: Blacklist and entire server
Message-ID:

So what if that server hostname hosts multiple mail domain names and I
want to blacklist the entire dns domain name? I thought the
*@server.you.want was only for mail domain names? Thanks.

On Fri, 17 Sep 2004 18:46:35 +0100, Michele Neylon : Blacknight Solutions wrote:
> On Fri, 2004-09-17 at 10:41 -0700, Matt Krause wrote:
> > What is the easiest way to blacklist an entire server? Thanks.
>
> Blacklist the IP and hostname, but if it has multiple IPs you would need
> to know them
> It's probably easier to do it via iptables rather than letting it even
> get to the MTA or MS
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> http://www.blacknight.ie
> 059 9137101

--
Matt Krause
krausem@gmail.com
http://www.mattkrause.net

From Kevin_Miller at CI.JUNEAU.AK.US Fri Sep 17 19:25:00 2004
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:26:55 2006
Subject: MailScanner: Buy The Book!
Message-ID:

Julian Field wrote:
> Yes, you read it right, there is now a MailScanner book.
> snip

Um, can I wait for the movie?

(Actually I ordered it this morning - looking forward to reading through
it.)

S'later...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From wright at CYBERVALE.COM Fri Sep 17 19:26:26 2004
From: wright at CYBERVALE.COM (Terran Wright)
Date: Thu Jan 12 21:26:55 2006
Subject: Fw: Install-ClamAV-SA3 failed
Message-ID:

Firstly, I survived hurricane Ivan here in Jamaica and have been under
severe pressure to restore normality. Don't u guys just envy me?

Felipe, that didn't work. I grabbed the files from Dag's site and did the
clam by hand. I installed the devel, the db and clam itself. I then tried
the install --noclam and it "Attempt[ed] to build and install
perl-Mail-ClamAV-0.11-1". The error messages are similar to what I posted
before

I did "./INSTALL-rpm.sh --noclam > ./install.log" the results are attached.

You need to install clamav-devel

Felipe Tonioli

Hey Guys,

I'm preparing a box to be used as a mail gateway. I've installed redHat 9,
postfix-2.1.4, MailScanner-4.33.3-1 all were working fine. Then I tried
the Install-Clam-SA by doing './INSTALL-rpm.sh' and got the error below:

Starting "make" Stage
make[1]: Entering directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.8.0/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.0/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
gcc -c -I/usr/src/redhat/BUILD/Mail-ClamAV-0.11 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -march=i386 -mcpu=i686 -g -DVERSION=\"0.11\" -DXS_VERSION=\"0.11\" -fPIC "-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE" ClamAV.c
ClamAV.xs:11:20: clamav.h: No such file or directory
ClamAV.xs:19: field `limits' has incomplete type
ClamAV.xs:20: field `st' has incomplete type
ClamAV.xs:24: confused by earlier errors, bailing out
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your Inline
C code. The command that failed was:
  make

The build directory was:
/usr/src/redhat/BUILD/Mail-ClamAV-0.11/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output files.

 at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 159
BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 447.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.73585 (%build)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.73585 (%build)
Missing file /usr/src/redhat/RPMS/noarch/perl-Mail-ClamAV-0.11-1.noarch.rpm.
Maybe it did not build correctly?
*
* This Could Be A Problem. Press Ctrl-S Now!!

what should I look for in the build directory? I have also attached the
output of the installation from as far back as the session would allow.

MailScanner -v output:

This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.33.3
Module versions are:
1.00    AnyDBM_File
1.13    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
2.12    MIME::Base64
5.403   MIME::Decoder
5.403   MIME::Decoder::UU
5.403   MIME::Head
5.406   MIME::Parser
5.411   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
missing Mail::SpamAssassin
missing Net::LDAP
missing SAVI
missing Mail::ClamAV
missing Net::DNS

So as to not include too much info let me await a reply.

Any ideas where the problem lies?

Thanks Guys

From sailer at BNL.GOV Fri Sep 17 19:40:45 2004
From: sailer at BNL.GOV (Tim Sailer)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

On Fri, Sep 17, 2004 at 10:44:54AM -0700, Greg Deputy wrote:
> A little background. To be upfront, I'm a novice user with MailScanner
> and all things Linux, so be warned (please be gentle). I've been a

Welcome to Open Source. "We're Gentle."

> windows administrator and developer for close to 10 years, working
> onsite at MS. I've recently made the jump to using open source/Linux in

It's about time! Walk towards the light! :)

> my side business hosting domains, email and web apps on a set of windows
> servers sitting in a local datacenter. The first thing I'm putting into
> production is a MailScanner setup.
>
> The machine is a P3 933mhz, 386Meg ram running Fedora2, Postfix,
> Mailscanner, Spamassassin, ClamAV, Razor, MTRG. When the machine is
> dropped in the datacenter it'll be in front of an Imail server currently
> hosting about 80 domains and 500 email addresses. The volume is light
> to moderate. It'll start by doing virus scans on all email, and spam
> filtering for only a few domains.

Shouldn't be a problem.

> For the last week I've been running the machine in my home on a cable
> connection, filtering email for a personal domain. I'm doing that
> mainly to get comfortable with running it, trying out different
> settings, etc. If something breaks, it only affects me for the moment.

Smart move. I use my home systems for the proving ground, before I break
something that will affect thousands of users. You tend to live longer
that way.

> So far, everything has been going surprisingly well, I should have tuned
> out the anti-open source propaganda much sooner! There are 2 minor

(no comment, as much as I want to)

> issues I can't seem to find a solution for by searching the faqs,
> archives, google, etc. I also have a nagging question about postfix and
> MS, below.

[clip mrtg]

I didn't run mrtg for Mailscanner, so I'm no help.

> The other issue is Bayes filtering in spam assassin. I've run about
> 1200 ham and 1700 spam messages through sa-learn, and when I run
> 'spamassassin -D -lint' it says the bayes database is there and happy.
> However, in /var/log/maillog where I have spam logging through
> mailscanner turned on to full so I see all the spamassassin rules that
> trigger, I don't see any bayes rules ever hit. I see other things,
> including Razor rules in SA after installing razor last night, but still
> no bayes stuff. I've gone through all the faqs on checking if
> spamassassin is working, its bayes stuff, etc, but can't seem to get it
> to work. From the command line everything appears like the bayes
> filtering is ok, but it never seems to hit through mailscanner.

Is MailScanner and SA both looking in the same place for the files?
Doublecheck.

> My nagging question is about using postfix and mailscanner. I've seen
> the posts on forums from the postfix people saying mailscanner is bad,
> DON'T use it with postfix, etc. I've also seen responses from
> MailScanner people saying that was only the case in earlier versions, it
> works fine now, no problems, etc. Can anyone give me a final word on
> that issue? Is it ok? I'm comfortable with postfix and would like to
> stick with that, but if it's not stable I'll get up to speed on sendmail
> and make the switch.

I'm a long-time user of Exim for my commercial stuff (speed under load
issues, let's not start a war over this), but at home I'm using postfix
and MailScanner. The way Julian has written here:
http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
worked straight up for me, not counting the RH-isms, as I run Debian.
It's fast, sensible, and just works.

Tim

--
Tim Sailer
Information and Special Technologies Program
Office of CounterIntelligence
Brookhaven National Laboratory
(631) 344-3001

From drew at THEMARSHALLS.CO.UK Fri Sep 17 19:56:37 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

Greg Deputy wrote:

>First, MTRG. I just installed MTRG and the MailScanner - MTRG package
>last night and it seems to be working partially. You can see the output
>at http://greg.blastzone.com for now. Some graphs have output, others
>don't. For example, the 'Mail Relayed Daily Graph' isn't showing any
>mail, but there is mail going through. Other graphs are correctly
>showing the spam and virii being filtered. Can anyone point me in the
>direction of some troubleshooting info for the MailScanner MTRG stuff,
>or is there any info I can provide to answer questions on what might be
>broken?

From memory the MailScanner MRTG package is designed to work with
Sendmail so not all the reports 'work'

>The other issue is Bayes filtering in spam assassin. I've run about
>1200 ham and 1700 spam messages through sa-learn, and when I run
>'spamassassin -D -lint' it says the bayes database is there and happy.
>However, in /var/log/maillog where I have spam logging through
>mailscanner turned on to full so I see all the spamassassin rules that
>trigger, I don't see any bayes rules ever hit. I see other things,
>including Razor rules in SA after installing razor last night, but still
>no bayes stuff. I've gone through all the faqs on checking if
>spamassassin is working, its bayes stuff, etc, but can't seem to get it
>to work. From the command line everything appears like the bayes
>filtering is ok, but it never seems to hit through mailscanner.

Check the permissions of the bayes_* files. They must be rw by the
postfix user

>My nagging question is about using postfix and mailscanner. I've seen
>the posts on forums from the postfix people saying mailscanner is bad,
>DON'T use it with postfix, etc. I've also seen responses from
>MailScanner people saying that was only the case in earlier versions, it
>works fine now, no problems, etc. Can anyone give me a final word on
>that issue? Is it ok? I'm comfortable with postfix and would like to
>stick with that, but if it's not stable I'll get up to speed on sendmail
>and make the switch.

Providing you have set up MailScanner with Postfix using the 'Hold
queue' method (as described) then you shouldn't have any problems.
Search the archives you will see this has been covered before (Some more
emotionally than others ;-) )

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From paul at PEEL.COM Fri Sep 17 20:03:11 2004
From: paul at PEEL.COM (Paul Rabinowitz)
Date: Thu Jan 12 21:26:55 2006
Subject: Archive Mail Problem
Message-ID:

hi,

I am having trouble with the archive mail option...

what format are these in? how do I read these archive files? they appear
to be clear text with no carriage returns...

mutt -f 8991CDFA49 does not work...

how do I forward a message w/ attachment to someone?

for instance:
sendmail -toi paul@peel.com < 8991CDFA49
does not work!

------

in my conf file i have the following line:
Archive Mail = /var/spool/MailScanner/archive

so when I do an ls on that dir I get:
email1:/var/spool/MailScanner/archive# ls
20040831  20040903  20040906  20040909  20040912  20040915
20040901  20040904  20040907  20040910  20040913  20040916
20040902  20040905  20040908  20040911  20040914  20040917

which is peachy.

these are the archived messages:
email1:/var/spool/MailScanner/archive/20040915# ls

From edu at ICARUS.COM.BR Fri Sep 17 20:16:38 2004
From: edu at ICARUS.COM.BR (Ed Andre)
Date: Thu Jan 12 21:26:55 2006
Subject: Problem with rebuild package
Message-ID:

Hi,

I rebuilt the mailscanner package from .src. When I tried to install the
rebuilt package this message was shown.

root@prompt#rpm -ivh mailscanner-4.33.3-1.noarch.rpm
error: Failed dependencies:
        perl(MailScanner::MCPMessage) is needed by mailscanner-4.33.3-1

If I use --force or --nodeps the package installs with no problems.

Any idea?

Tnx.

Ed

From rzewnickie at RFA.ORG Fri Sep 17 20:27:51 2004
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:26:55 2006
Subject: mcafee autoupdate
Message-ID:

On Fri, Sep 17, 2004 at 08:40:19AM +0100, Julian Field wrote:
> At 21:21 16/09/2004, you wrote:
> >Ugh. I see that if I were using update_virus_scanners this wouldn't have
> >happened since that script checks virus.scanners.conf and calls each
> >autoupdate script with the ${PACKAGEDIR} it pulls out of the .conf file
> >as a command-line argument.
> >I guess that's what I get for being different.
> >I suppose it is not recommended to use the individual autoupdate
> >scripts, but is it necessarily wrong to do so?
> The recommended route is update_virus_scanners as that will do it
> correctly. You are welcome to call the individual scripts directly if you
> want to (I can't stop you), but if I need to change the command-line
> arguments in the future for some reason, you are inviting trouble.

Yup. I have realised the error of my ways and now conform to the
recommended path.

-Eric Rz.

From greg at BLASTZONE.COM Fri Sep 17 20:35:26 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

> > anyone point me in the direction of some troubleshooting info for the
> > MailScanner MRTG stuff, or is there any info I can provide to answer
> > questions on what might be broken?
>
> From memory the MailScanner MRTG package is designed to work
> with Sendmail so not all the reports 'work'

Ok, that explains it, thanks.  Is there any way to get it to work with
postfix, or should I just look for a MRTG package/configuration that
does postfix?

> > spamassassin is working, its bayes stuff, etc, but cant seem to get it
> > to work.  From the command line everything appears like the bayes
> > filtering is ok, but it never seems to hit through mailscanner.
>
> Check the permissions of the bayes_* files. They must be rw
> by the postfix user

Ok, trying that.  Yup, files are not permissioned correctly.  Fixed,
waiting to see if it works now.

> Providing you have set up MailScanner with Postfix using the
> 'Hold queue' method (as described) then you shouldn't have
> any problems. Search the archives you will see this has been
> covered before (Some more emotionally than others ;-) )

I set it up as Tim referenced at the page
http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml

Is that the 'hold queue' method you refer to?

Thanks for the help!

From Denis.Beauchemin at USHERBROOKE.CA Fri Sep 17 20:39:43 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:55 2006
Subject: bouncing mail
Message-ID:

Julian,

My postmaster would like the bounced messages to look like the
spam-identified messages: the error report followed by the long SA report
(now working), and then the original email in an attachment.

Could this be done?

Thanks!

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From greg at BLASTZONE.COM Fri Sep 17 20:56:42 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:55 2006
Subject: Mailscanner with postfix, seeing lots of 'hashed queue' errors in /var/log/maillog
Message-ID:

I'm getting a lot of these sorts of error messages in /var/log/maillog.
I'm running postfix with mailscanner, SA, razor, clamav.  Am I doing
something wrong?  It is working, filtering email, but the errors below
worry me:

Sep 17 12:26:02 mx MailScanner[13756]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth
Sep 17 12:26:07 mx MailScanner[13757]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth
Sep 17 12:26:07 mx MailScanner[13755]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth
Sep 17 12:26:07 mx MailScanner[13756]: Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth

From drew at THEMARSHALLS.CO.UK Fri Sep 17 20:59:52 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

Greg Deputy wrote:

>>> anyone point me in the direction of some troubleshooting info for the
>>> MailScanner MRTG stuff, or is there any info I can provide to answer
>>> questions on what might be broken?
>>
>> From memory the MailScanner MRTG package is designed to work
>> with Sendmail so not all the reports 'work'
>
> Ok, that explains it, thanks.  Is there any way to get it to work with
> postfix, or should I just look for a MRTG package/configuration that
> does postfix?

As I say, 'from memory' (And I suspect that is flawed as on further
thinking I may be getting confused with Vispan) I don't and haven't used
MRTG to monitor MailScanner. It ought to be possible. Looking at the
README file in the source it should be possible to get some form of
output. If I get time I'll have a look further, unless Kevin himself is
able to comment :-)

>>> spamassassin is working, its bayes stuff, etc, but cant seem to get it
>>> to work.  From the command line everything appears like the bayes
>>> filtering is ok, but it never seems to hit through mailscanner.
>>
>> Check the permissions of the bayes_* files. They must be rw
>> by the postfix user
>
> Ok, trying that.  Yup, files are not permissioned correctly.  Fixed,
> waiting to see if it works now.

>> Providing you have set up MailScanner with Postfix using the
>> 'Hold queue' method (as described) then you shouldn't have
>> any problems. Search the archives you will see this has been
>> covered before (Some more emotionally than others ;-) )
>
> I set it up as Tim referenced at the page
>
>  http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
>
> Is that the 'hold queue' method you refer to?

Yes!

> Thanks for the help!

No problems

Drew

--
In line with our policy, this message has been scanned for
viruses and dangerous content by MailScanner, and is
believed to be clean.
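The permission advice quoted in the message above (the bayes_* files "must be rw by the postfix user"), as an added example that is not part of the original thread or of MailScanner: it evaluates Unix mode bits for a given uid the way classic Unix permissions do (owner, else group, else other) and also flags world-writable Bayes files. The function names and the sample directory are hypothetical, and ACLs are not considered.

```python
import glob
import os
import pwd
import stat
import tempfile

# Bit offset of each permission triplet inside st_mode.
SHIFT = {"owner": 6, "group": 3, "other": 0}


def ids_for_user(name):
    """uid and group ids of a local account, e.g. ids_for_user("postfix")."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, set(os.getgrouplist(name, pw.pw_gid))


def applicable_class(st, uid, gids):
    """Only one triplet applies to a uid: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner"
    if st.st_gid in gids:
        return "group"
    return "other"


def has_bits(st, uid, gids, bits):
    """True if the applicable triplet contains all of `bits` (r=4, w=2, x=1)."""
    return (st.st_mode >> SHIFT[applicable_class(st, uid, gids)]) & bits == bits


def audit_bayes_dir(directory, uid, gids):
    """Return (path, problem) tuples for a non-root scanning user."""
    try:
        dir_st = os.stat(directory)
    except FileNotFoundError:
        return [(directory, "directory does not exist")]
    findings = []
    # w+x on the directory: needed to reach the files and to create new ones.
    if not has_bits(dir_st, uid, gids, 0o3):
        findings.append((directory, "directory not writable/searchable by scanning user"))
    files = sorted(glob.glob(os.path.join(directory, "bayes_*")))
    if not files:
        findings.append((directory, "no bayes_* files here"))
    for path in files:
        st = os.stat(path)
        if not has_bits(st, uid, gids, 0o6):
            findings.append((path, "not read/write for scanning user"))
        # Any local account could then alter the learned data.
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for ~/.spamassassin
    demo = tempfile.mkdtemp()
    for name, mode in (("bayes_toks", 0o600), ("bayes_seen", 0o666)):
        path = os.path.join(demo, name)
        open(path, "w").close()
        os.chmod(path, mode)
    me = os.stat(demo).st_uid
    for label, uid in (("as the owner", me), ("as another account", me + 1)):
        print(label)
        for path, problem in audit_bayes_dir(demo, uid, set()):
            print("  ", problem, "-", path)
```

On a real host the ids would come from `ids_for_user("postfix")` and the directory would be the one the scanning user actually reads.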
From drew at THEMARSHALLS.CO.UK Fri Sep 17 21:02:33 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:55 2006
Subject: Mailscanner with postfix, seeing lots of 'hashed queue' errors in /var/log/maillog
Message-ID:

Greg Deputy wrote:

>I'm getting a lot of these sorts of error messages in /var/log/maillog.
>I'm running postfix with mailscanner, SA, razor, clamav.  Am I doing
>something wrong?  It is working, filtering email, but the errors below
>worry me:
>
>
>Sep 17 12:26:02 mx MailScanner[13756]: Messages found but no hashed
>queue directories. Please enable hashed queues for incoming and deferred
>with a depth of 1 or 2. See the Postfix documentation for
>hash_queue_names and hash_queue_depth
>

You have a Razor.log file in /var/spool/postfix. Remove it and these
will go. Then search the archive for this error, it's been discussed
before. You will then find what you have to add to
spam.assassin.prefs.conf to stop Razor logging to the Postfix queue
directory.

--
In line with our policy, this message has been scanned for
viruses and dangerous content by MailScanner, and is
believed to be clean.

www.themarshalls.co.uk/policy

From jmarc1 at jemconsult.biz Sat Sep 18 02:16:48 2004
From: jmarc1 at jemconsult.biz (James Marcinek)
Date: Thu Jan 12 21:26:55 2006
Subject: New to group Compilation problems on RHEL 3.0
Message-ID:

Hello Everyone,

First thanks for any help I'm about to receive. I've been reading the
documentation for this all day for integration into Postfix, Spamassassin and
clamav. I have configured all the proper files and installed via the rpm method.
However I get the following error when trying to start the service:

[root@srv01 BUILD]# service MailScanner start
Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains:
/usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5
/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/sit
e_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linu
x-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/
lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScan
ner) at /usr/lib/MailScanner/MailScanner/Message.pm line 46.
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm
line 46.
Compilation failed in require at /usr/sbin/MailScanner line 52.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
[ OK ]

When a service MailScanner status is given, it is not running? Thank goodness
that my postfix is still running.

From what I can tell it's the perl module Archive::Zip
(perl-Archive-Zip-1.13-1.src.rpm). The install.sh rpm didn't appear to work
during the build so I figured that I would do it from the src tarball (via the
make) which gave an error about the pod2man command (couldn't be found) but was
in /usr/bin. This confused me a bit as it was already included in the PATH
already??? The perl Makefile.PL worked fine but the Makefile didn't look so
good. When I tried to issue the make command I received errors. I looked at the
Makefile and found what looked like parts of lines, some lines containing a
single quote at the beginning or end of a statement (like a path statement),
etc. It appeared like syntax errors in the file but I don't know what's valid
and what's not. I looked on the archives and could not find anything that
specifically answers this.

Thanks,
james

From marco at MUW.EDU Sat Sep 18 02:44:42 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:26:55 2006
Subject: New to group Compilation problems on RHEL 3.0
Message-ID:

Hi,

Quoting James Marcinek :

> make) which gave an error about the pod2man command (couldn't be found) but
> was in /usr/bin. This confused me a bit as it was already included in the
> PATH already???

I think your problem is with the infamous Redhat issue discussed here:

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/121.html

Follow the page above and the pod2man issue will go away. Re-run install.sh
again, or install Archive::Zip from CPAN and everything should be fine.

Hope this helps

Marco

From ugob at CAMO-ROUTE.COM Sat Sep 18 03:50:48 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

> So far, everything has been going surprisingly well, I should have tuned
> out the anti-open source propaganda much sooner!  There are 2 minor
> issues I cant seem to find a solution for by searching the faqs,
> archives, google, etc.  I also have a nagging question about postfix and
> MS, below.

Have you read the MAQ page? (URL below), the MailScanner Manual?
(www.fsl.com/support) or the MailScanner Book?
I think you should go through the MAQ and the manual before putting your
machine into production.

>
> First, MRTG.  I just installed MRTG and the MailScanner - MRTG package
>
> The other issue is Bayes filtering in spam assassin.  I've run about
> 1200 ham and 1700 spam messages through sa-learn, and when I run
> 'spamassassin -D -lint' it says the bayes database is there and happy.
> However, in /var/log/maillog where I have spam logging through
> mailscanner turned on to full so I see all the spamassassin rules that
> trigger, I don't see any bayes rules ever hit.  I see other things,
> including Razor rules in SA after installing razor last night, but still
> no bayes stuff.  I've gone through all the faqs on checking if
> spamassassin is working, its bayes stuff, etc, but cant seem to get it
> to work.  From the command line everything appears like the bayes
> filtering is ok, but it never seems to hit through mailscanner.

The correct way of testing spamassassin when used in conjunction with
MailScanner is different from what you did.

You can

1- Enable Debug SpamAssassin in MailScanner.conf, set Debug to on, restart
MailScanner and see the output.

2- More simply, use the correct parameter for spamassassin (-p).  Search
"lint" in the MAQ.

Hope this helps.

Welcome :) !

Ugo

From ugob at CAMO-ROUTE.COM Sat Sep 18 03:53:59 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use?
Message-ID:

Felipe Tonioli wrote:
> taking a ride on that... i run mine in a P III 500 with 256 of ram...
>
> if i stop mailscanner for a while and start again what causes a
> "flood" of 20 messages (well, that stop and restart time means about 1
> hour) i get a lot of spamassassin time out... that time out occurs in
> others case too.
>
> in the normal operations, everything works fine.
>
> what i need upgrade ? ram ? processor ? i'm running mysql to catch the
> logs too in the same machine.
>

I remember having answered that in the past.  You can probably find that
by searching for "vmstat" in the MAQ (and maybe my name).

But here are the useful tools (on RH linux...)

vmstat
free
top
enable speed logging
sar reports...

From greg at BLASTZONE.COM Sat Sep 18 06:10:37 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

Thanks for the pointers, I'm still working on the bayes issue.

And don't worry.  I am reading all I can find online, and may grab the
book too.  Like I said, the box is currently running at my house on only
my personal domain, and once it moves to the datacenter in a week or so
it'll still only do my stuff for a while.  I won't be switching it on for
all my domains until I'm darn ready to. :)

Greg Deputy

[snip]
>
> Have you read the MAQ page? (URL below), the MailScanner Manual?
> (www.fsl.com/support) or the MailScanner Book?  I think you
> should go through the MAQ and the manual before putting your
> machine into production.
>
>
[snip]
>
> The correct way of testing spamassassin when used in
> conjunction with MailScanner is different from what you did.
>
> You can
>
> 1- Enable Debug SpamAssassin in MailScanner.conf, set Debug to
> on, restart MailScanner and see the output.
>
> 2- More simply, use the correct parameter for spamassassin (-p).
> Search "lint" in the MAQ.
>
> Hope this helps.
>
> Welcome :) !
>
> Ugo
>

From kmganesh at OPENCOMPT.COM Sat Sep 18 10:47:18 2004
From: kmganesh at OPENCOMPT.COM (KM Ganesh)
Date: Thu Jan 12 21:26:55 2006
Subject: Mcafee license question
Message-ID:

> You can use Clam (think you did already) and Bitdefender for free. And
> CA eTrust is licensed per server, not per user, it's very cheap. Check
> it out.

Kaspersky Antivirus for OpenProtect also comes in a special per server
per year license.

cheers,
Ganesh, KM.
--
Opencomputing Technologies | http://openprotect.com
Complete Server Side E-Mail Protection

From mailscanner at ecs.soton.ac.uk Sat Sep 18 13:43:20 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

At 20:35 17/09/2004, you wrote:
> > >spamassassin is working, its bayes stuff, etc, but cant seem to get it
> > >to work.  From the command line everything appears like the bayes
> > >filtering is ok, but it never seems to hit through mailscanner.
> >
> > Check the permissions of the bayes_* files. They must be rw
> > by the postfix user
>
>Ok, trying that.  Yup, files are not permissioned correctly.  Fixed,
>waiting to see if it works now.

Not only do the permissions need to be right, you need to be sure you are
using the right bayes* files in the first place. When MailScanner is
running as the user "postfix", the bayes* files need to be in the
.spamassassin directory inside the user postfix's home directory. When you
are running the spamassassin script manually (or sa-learn) you are probably
running as root, not as postfix, am I right? In that case, all your
learning effort will be in the .spamassassin directory of root's home, not
of postfix's home.

You might well need to move your bayes* files into the right place (i.e.
off postfix, not off root).

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Sat Sep 18 13:46:23 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: Archive Mail Problem
Message-ID:

You are using Postfix and are storing the quarantine files as raw queue files.
These files can be thrown into a Postfix queue, or read with the postcat
command.
If you want plain text quarantine messages, stop saving them as raw queue
files. Look for "Raw" in MailScanner.conf.

At 20:03 17/09/2004, you wrote:
>I am having trouble with the archive mail option...
>
>what format are these in?
>
>how do I read these archive files?  they appear to be clear text with no
>carriage returns...
>
>mutt -f 8991CDFA49 does not work...
>
>how do I forward a message w/ attachment to someone?
>
>for instance:
>sendmail -toi paul@peel.com < 8991CDFA49
>does not work!
>
>------
>in my conf file i have the following line:
>
>Archive Mail = /var/spool/MailScanner/archive
>
>so when I do an ls on that dir I get:
>
>email1:/var/spool/MailScanner/archive# ls
>20040902  20040905  20040908  20040911  20040914  20040917
>
>which is peachy.
>
>these are the archived messages:
>
>email1:/var/spool/MailScanner/archive/20040915# ls
>0006ADFA89  263E0DFA79  51690DFA89  7934CDFA79  A6764DFA3E  CDA27DFA89

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Sat Sep 18 14:03:50 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: bouncing mail
Message-ID:

It's not easy. But I will take a look.

At 20:39 17/09/2004, you wrote:
>Julian,
>
>My postmaster would like the bounced messages to look like the
>spam-identified messages: the error report followed by the long SA report
>(now working), and then the original email in an attachment.
>
>Could this be done?

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Sat Sep 18 14:52:42 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:55 2006
Subject: Abuse headers
Message-ID:

This is probably very easy to do, but my brain is a bit slow today :)

What would be the best way of adding X-abuse headers into all mail outgoing
and incoming?

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at ecs.soton.ac.uk Sat Sep 18 16:00:13 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: bouncing mail
Message-ID:

Okay. It's done. There are now 2 extra options:
         Bounce Spam As Attachment
         Bounce MCP As Attachment

The maximum amount of the original message included in the bounce is the
"Max SpamAssassin Size" setting. It needs an upper limit so that it cannot
be used as a denial-of-service attack against the From address in the
original spam message.
If it was a genuine message that was mis-tagged as being spam, this should
be quite enough for the original sender to see what message got bounced.

Do you want a new beta with this included?

At 14:03 18/09/2004, you wrote:
>It's not easy. But I will take a look.
>
>At 20:39 17/09/2004, you wrote:
>>Julian,
>>
>>My postmaster would like the bounced messages to look like the
>>spam-identified messages: the error report followed by the long SA report
>>(now working), and then the original email in an attachment.
>>
>>Could this be done?
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

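The size cap described in the message above, as an added example that is not MailScanner's own code: a bounce builder that attaches at most `max_included` bytes of the original, so a reply sent to an unauthenticated From address stays bounded however large the original was. The function names, the addresses and the 30000-byte cap used in the demo are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr


def claimed_sender(original: bytes) -> str:
    """Address from the original's From: header. Nothing authenticates it."""
    # Only the first 64 KiB is parsed; the headers sit at the front.
    headers = BytesParser(policy=policy.default).parsebytes(
        original[:65536], headersonly=True)
    return parseaddr(str(headers.get("From", "")))[1]


def build_bounce(original: bytes, report: str, postmaster: str, max_included: int):
    """Bounce carrying the report plus at most max_included bytes of the original.

    Returns None when the original names no sender to bounce to.
    """
    recipient = claimed_sender(original)
    if not recipient:
        return None
    excerpt = original[:max_included]
    omitted = len(original) - len(excerpt)
    bounce = EmailMessage()
    bounce["From"] = postmaster
    bounce["To"] = recipient
    bounce["Subject"] = "Your message was rejected"
    note = f"\n\n[{omitted} bytes of the original message omitted]\n" if omitted else "\n"
    bounce.set_content(report + note)
    # Opaque attachment: a truncated message is not a well-formed message/rfc822.
    bounce.add_attachment(excerpt, maintype="application",
                          subtype="octet-stream", filename="original-message.txt")
    return bounce


def constructed_original(body_size: int) -> bytes:
    """Constructed sample: a message of arbitrary size with a claimed sender."""
    head = (b"From: Important Partner <partner@example.com>\r\n"
            b"To: user@mx.example\r\n"
            b"Subject: constructed sample\r\n\r\n")
    return head + b"A" * body_size


if __name__ == "__main__":
    report = "The message was identified as spam."
    for size in (1_000, 2_000_000):
        original = constructed_original(size)
        capped = build_bounce(original, report, "postmaster@mx.example", 30_000)
        uncapped = build_bounce(original, report, "postmaster@mx.example", len(original))
        print(f"original {len(original):>9} bytes -> "
              f"capped bounce {len(capped.as_bytes()):>7}, "
              f"uncapped bounce {len(uncapped.as_bytes()):>9}")
```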
From mailscanner at ecs.soton.ac.uk Sat Sep 18 16:00:56 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: Abuse headers
Message-ID:

At 14:52 18/09/2004, you wrote:
>What would be the best way of adding X-abuse headers into all mail outgoing
>and incoming?

In your MTA's settings for what headers to include.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Sat Sep 18 16:53:42 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:55 2006
Subject: Abuse headers
Message-ID:

MailScanner mailing list wrote:
> At 14:52 18/09/2004, you wrote:
>> What would be the best way of adding X-abuse headers into all mail
>> outgoing and incoming?

I was afraid you'd say that :)

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From jmarc1 at jemconsult.biz Sat Sep 18 18:45:55 2004
From: jmarc1 at jemconsult.biz (James Marcinek)
Date: Thu Jan 12 21:26:55 2006
Subject: New to group Compilation problems on RHEL 3.0
Message-ID:

By the way I never configured spamassassin to work with postfix. Do I still need
to do this or will this now be configured by MailScanner?

Thanks,
james

"James Marcinek" <jmarc1@jemconsult.biz> wrote:

> Hello Everyone,
>
> First thanks for any help I'm about to receive. I've been reading the
> documentation for this all day for integration into Postfix, Spamassassin and
> clamav. I have configured all the proper files and installed via the rpm method.
> However I get the following error when trying to start the service:
>
> [root@srv01 BUILD]# service MailScanner start
> Starting MailScanner daemons:
> incoming postfix: [ OK ]
> outgoing postfix: [ OK ]
> MailScanner: Can't locate Archive/Zip.pm in @INC (@INC contains:
> /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5
> /5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/sit
> e_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linu
> x-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/
> lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScan
> ner) at /usr/lib/MailScanner/MailScanner/Message.pm line 46.
> BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm
> line 46.
> Compilation failed in require at /usr/sbin/MailScanner line 52.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 52.
> [ OK ]
>
> When a service MailScanner status is given, it is not running? Thank goodness
> that my postfix is still running.
>
> From what I can tell it's the perl module Archive::Zip
> (perl-Archive-Zip-1.13-1.src.rpm). The install.sh rpm didn't appear to work
> during the build so I figured that I would do it from the src tarball (via the
> make) which gave an error about the pod2man command (couldn't be found) but was
> in /usr/bin. This confused me a bit as it was already included in the PATH
> already??? The perl Makefile.PL worked fine but the Makefile didn't look so
> good. When I tried to issue the make command I received errors. I looked at the
> Makefile and found what looked like parts of lines, some lines containing a
> single quote at the beginning or end of a statement (like a path statement),
> etc. It appeared like syntax errors in the file but I don't know what's valid
> and what's not. I looked on the archives and could not find anything that
> specifically answers this.
>
> Thanks,
> james
>

From paul at PEEL.COM Sat Sep 18 18:47:57 2004
From: paul at PEEL.COM (Paul Rabinowitz)
Date: Thu Jan 12 21:26:55 2006
Subject: Archive Mail Problem
Message-ID:

thanks julian!

> You are using Postfix and are storing the quarantine files as raw queue
> files.
> These files can be thrown into a Postfix queue, or read with the postcat
> command.
> If you want plain text quarantine messages, stop saving them as raw queue
> files. Look for "Raw" in MailScanner.conf.
>
> At 20:03 17/09/2004, you wrote:
>>I am having trouble with the archive mail option...
>>
>>what format are these in?
>>
>>how do I read these archive files?  they appear to be clear text with no
>>carriage returns...
>>
>>mutt -f 8991CDFA49 does not work...
>>
>>how do I forward a message w/ attachment to someone?
>>
>>for instance:
>>sendmail -toi paul@peel.com < 8991CDFA49
>>does not work!
>> >>------ >>in my conf file i have the following line: >> >>Archive Mail = /var/spool/MailScanner/archive >> >>so when I do an ls on that dir I get: >> >>email1:/var/spool/MailScanner/archive# ls >>20040902 20040905 20040908 20040911 20040914 20040917 >> >>which is peachy. >> >>these are the archived messages: >> >>email1:/var/spool/MailScanner/archive/20040915# ls >>0006ADFA89 263E0DFA79 51690DFA89 7934CDFA79 A6764DFA3E CDA27DFA89 > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Sat Sep 18 19:19:38 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:55 2006 Subject: Beta 4.34.4 released Message-ID: I have just released a new unstable/beta release 4.34.4. The new additions are the options Bounce Spam As Attachment Bounce MCP As Attachment The spam bouncing option is for those who have pointy-haired bosses who insist on bouncing spam, especially when it claimed to come from one of the business partners or important customers. 
The MCP bouncing option might be rather more useful for those using MCP a lot, as the person who sent the message will get to see exactly which message of theirs was bounced, as previously they would only have seen the subject line.

The maximum size of the content taken from the original message is limited by the "Max SpamAssassin Size" setting. Yes, that sounds a bit random, you are quite right, but it happened to be at hand at the time :-) If you don't like it, I can create 2 more max size options as well if you like, but the value is pretty arbitrary. It just needs to be a sane limit to prevent a denial of service attack against the site who sent the spam/mcp message that was bounced. Otherwise you could use this feature to generate huge messages back to the claimed sender, which they might well let through as they could be made to appear to come from an important supplier (or business partner) of theirs.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Sat Sep 18 19:21:02 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: New to group Compilation problems on RHEL 3.0
Message-ID:

At 18:45 18/09/2004, you wrote:
>By the way I never configured spamassassin to work with postfix. Do I
>still need
>to do this or will this now be configured by MailScanner?
All you need to do is download SpamAssassin,
    perl Makefile.PL
    make
    make test
    make install
and then set "Use SpamAssassin = yes" in MailScanner.conf. Nothing else is necessary.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kevin at KEVINSPICER.CO.UK Sat Sep 18 20:21:32 2004
From: kevin at KEVINSPICER.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

On Fri, 2004-09-17 at 20:59, Drew Marshall wrote:
> >
> >
> > > From memory the MailScanner MRTG package is designed to work
> > > with Sendmail so not all the reports 'work'
> > >
> > >
> > Ok, that explains it, thanks. Is there any way to get it to work with
> > postfix, or should I just look for a MTRG package/configuration that
> > does postfix?
> >
> As I say, 'from memory' (And I suspect that is flawed as on further
> thinking I may be getting confused with Vispan) I don't and haven't
> used MRTG to monitor MailScanner. It ought to be possible. Looking at
> the README file in the source it should be possible to get some form
> of output. If I get time I'll have a look further, unless Kevin
> himself is able to comment :-)

I certainly am. MSMRTG has been supporting postfix and exim for quite a while now - in fact it was one of the first new features added when I started maintaining it (I didn't actually write the postfix stuff support though, Jesse Lang gets the credit for that).
Have a read through the config file (/etc/MailScanner/mailscanner-mrtg.conf) and make sure that you have selected postfix as the MTA and set all the paths to the correct logfiles. Looking at your graphs it also looks like you haven't got snmp set up correctly, take a look at the README.SNMP for some help with that.

From greg at BLASTZONE.COM Sat Sep 18 20:45:13 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

Well, heck, for some reason I didn't notice the mailscanner-mrtg.conf file and its settings in there. Just switched it for postfix, thanks. I'm still working on the snmp issues, I'll find that readme.snmp file...

Thanks!

[snip]
> I certainly am. MSMRTG has been supporting postfix and exim
> for quite a while now - in fact it was one of the first new
> features added when I started maintaining it (I didn't
> actually write the postfix stuff support though, Jesse Lang
> gets the credit for that).
>
> Have a read through the config file
> (/etc/MailScanner/mailscanner-mrtg.conf) and make sure that
> you have selected postfix as the MTA and set all the paths to
> the correct logfiles. Looking at your graphs it also looks
> like you haven't got snmp set up correctly, take a look at
> the README.SNMP for some help with that.
From G.Pentland at SOTON.AC.UK Sun Sep 19 04:17:07 2004
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use? - Also "Should one scan interanlly sourced mail for spam?"
Message-ID:

Hi all,

Happy to add to this thread.

For mail from the world coming in...

3 x Dell 2650, 2 Xeons, 4Gb Ram, Redhat Enterprise Linux 3, Sendmail, Mailscanner with Sophos. These see 300 -> 350 thousand a day and generally have no performance issues at the moment.

Internally...

3 x Dell 2550, 2 Pentium IIIs, 2Gb Ram, Redhat 7.2, Sendmail, Mailscanner Sophos etc... These see about the same, they are also the smart hosts for outbound mail. As these only see internally sourced mail they do not currently do spam checks.

All have Mirrored disks on hardware RAID controllers. I don't use tmpfs as the disks are currently fast enough.

The internal machines also have localhost NIS caches.

This is an example output from one of my log processing scripts, these work on an aggregated log from all 6 hosts, there is some double counting for users who have .forward files that cause the mail to move back through the routing servers.

Total Mails                 675930
Total Viruses               9413
Total Spam                  175062
Auto-Deleted Spam           11278
Silently Deleted Viruses    2617
Found in MAPS-RBL+          99396
Found in SBL+XBL            106783
Found in DSBL               101026

I'd like to ask anyone with an opinion... Do you think I should scan internally originating mail for spam?
I work on the assumption that any host sending a significant quantity of mail will be picked by other means and most hosts that do send loads of mail are sending virii not spam.

Hope this is of interest and any opinions welcome,

Gary

-----Original Message-----
From: J [mailto:massctrl@SKYNET.BE]
Sent: Fri 17/09/2004 15:30
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Which hardware do you use?

Hi all,

Are there some people who want to share the specs of their hardware running MS and what quantities of mail they are processing?

Thanks in advance

J

From massctrl at SKYNET.BE Sun Sep 19 14:20:37 2004
From: massctrl at SKYNET.BE (J)
Date: Thu Jan 12 21:26:55 2006
Subject: figures about traffic per domain
Message-ID:

Hi all,

Relaying mail for several domains I want to be able to know exactly how much mail (in Mb,Kb,..) is processed for each domain. Does anyone know any tips, tricks, methods or software for this?

Thanks in advance

J

From sailer at BNL.GOV Sun Sep 19 14:42:01 2004
From: sailer at BNL.GOV (Tim Sailer)
Date: Thu Jan 12 21:26:55 2006
Subject: Strange problem
Message-ID:

On one of the commercial machines I manage, they put up a new virtual host and started running an auction script. It sends out lots of email as the web server userid, www-data. (Debian machine running exim3).
For some reason, MailScanner is flagging the locally generated mail as spam, although I have localhost and the ip of the machine whitelisted.

The Received line shows "Received: from www-data by webhost.com with local (Exim 3.36 #1 (Debian))"

How do I whitelist that?

Tim

From Denis.Beauchemin at USHERBROOKE.CA Sun Sep 19 14:58:50 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:55 2006
Subject: bouncing mail
Message-ID:

Julian Field wrote:

> Okay. It's done.
>
> There are now 2 extra options:
> Bounce Spam As Attachment
> Bounce MCP As Attachment
>
> The maximum amount of the original message included in the bounce is the
> "Max SpamAssassin Size" setting. It needs an upper limit so that it cannot
> be used as a denial-of-service attack against the From address in the
> original spam message. If it was a genuine message that was mis-tagged as
> being spam, this should be quite enough for the original sender to see what
> message got bounced.
>
> Do you want a new beta with this included?

Julian, you never cease to amaze me! Yes, please, do post the beta. I will test it on Monday.

Thanks again!

Denis

--
   _
  °v°    Denis Beauchemin, analyste
 /(_)\   Université de Sherbrooke, S.T.I.
  ^ ^    T: 819.821.8000x2252 F: 819.821.8045
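Added example (not part of the thread and not MailScanner's own code, which is Perl): the cap on quoted content that the messages above describe for bounces sent to a possibly forged sender. The function names, the 30,000-byte limit and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed value for illustration. In MailScanner the cap is whatever
# "Max SpamAssassin Size" is set to in MailScanner.conf.
MAX_BOUNCE_CONTENT = 30_000

# Constructed sample: a message whose From address may well be forged.
SAMPLE_SPAM = (
    b"From: Accounts <partner@example.com>\n"
    b"To: user@example.org\n"
    b"Subject: Invoice\n"
    b"\n"
    b"Click here.\n"
)


def excerpt(raw: bytes, limit: int) -> bytes:
    """Return at most `limit` bytes of `raw`, cut back to a line boundary."""
    if len(raw) <= limit:
        return raw
    cut = raw.rfind(b"\n", 0, limit)
    return raw[: cut + 1] if cut > 0 else raw[:limit]


def build_bounce(raw: bytes, postmaster: str, limit: int = MAX_BOUNCE_CONTENT):
    """Build a bounce carrying a size-capped copy of the rejected message.

    Returns None when the message has no usable From address.
    """
    original = message_from_bytes(raw)
    # Whoever owns the From address receives the bounce, whether or not
    # they sent the message, so everything sent there must stay small.
    _, sender = parseaddr(str(original.get("From", "")))
    if "@" not in sender:
        return None

    kept = excerpt(raw, limit)
    bounce = EmailMessage()
    bounce["From"] = postmaster
    bounce["To"] = sender
    bounce["Subject"] = "Message rejected"
    bounce["Auto-Submitted"] = "auto-replied"  # RFC 3834 marker for automatic mail
    bounce.set_content(
        "Your message was rejected by our content filter.\n"
        f"The first {len(kept)} of {len(raw)} bytes are attached.\n"
    )
    # Attach the excerpt as opaque bytes so a copy cut off mid-MIME
    # is never re-parsed or rendered by the recipient's mail client.
    bounce.add_attachment(
        kept,
        maintype="application",
        subtype="octet-stream",
        filename="rejected-message.txt",
    )
    return bounce


def attached_copy(bounce: EmailMessage) -> bytes:
    """Return the bytes of the original message carried in the bounce."""
    return next(bounce.iter_attachments()).get_content()


if __name__ == "__main__":
    # A multi-megabyte message produces a bounce of roughly 40 KB.
    huge = SAMPLE_SPAM + (b"A" * 70 + b"\n") * 40_000
    capped = build_bounce(huge, "postmaster@example.org")
    print(len(huge), "bytes in,", len(capped.as_bytes()), "bytes out")
```

Without the cap, the bounce grows with the rejected message, which is the amplification the limit is there to prevent.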
From mailscanner at ecs.soton.ac.uk Sun Sep 19 15:10:23 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: bouncing mail
Message-ID:

At 14:58 19/09/2004, you wrote:
>Julian Field wrote:
>>Okay. It's done.
>>There are now 2 extra options:
>> Bounce Spam As Attachment
>> Bounce MCP As Attachment
>>The maximum amount of the original message included in the bounce is the
>>"Max SpamAssassin Size" setting. It needs an upper limit so that it cannot
>>be used as a denial-of-service attack against the From address in the
>>original spam message. If it was a genuine message that was mis-tagged as
>>being spam, this should be quite enough for the original sender to see what
>>message got bounced.
>>Do you want a new beta with this included?
>
>Julian, you never cease to amaze me! Yes, please, do post the beta. I
>will test it on Monday.

It's already there. 4.34.4 on the downloads page.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Sun Sep 19 15:44:22 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:55 2006
Subject: Strange problem
Message-ID:

Tim Sailer wrote:
> On one of the commercial machines I manage, they put up a new virtual
> host and started running an auction script. It sends out lots of email
> as the web server userid, www-data. (Debian machine running exim3).
> For some reason, MailScanner is flagging the locally generated mail as spam,
> although I have localhost and the ip of the machine whitelisted.
>
> The Received line shows "Received: from www-data by webhost.com with local (Exim 3.36 #1 (Debian))"
>
> How do I whitelist that?

Could you show us the headers or logs of the results?

Thanks,

Ugo

From mailscanner at ecs.soton.ac.uk Sun Sep 19 19:22:06 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: Heads up
Message-ID:

I thought the list might benefit from a copy of a message I sent to the other members of my Systems Support team at work last weekend. So far nothing has happened, but the situation has not improved either (another MyDoom posted again today, which is very unusual for a weekend).

>Just want to give you all a heads-up. The pattern of new virus releases
>over the past few days is very worrying. There have been a little crop of
>MyDoom variants, all of which have been easily stopped. There have also
>been one or two new Bagle variants, which aren't as bad.
>
>This trickle of MyDooms is similar to those seen with other viruses before
>a big hitter.
>
>It is therefore quite possible that there will be a new major virus
>outbreak some time in the near future. There aren't any currently known
>vulnerabilities that I am aware of, but everyone should be on their guard.
>
>Please report any suspicious activity to me a.s.a.p. I will be keeping a
>close eye on virus releases for the next 2 or 3 weeks, but shout loudly
>and quickly if you see something getting through.
>
>I monitor my email pretty much all the time, so should be able to respond
>quickly if something happens.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From maillists at CONACTIVE.COM Sun Sep 19 19:36:41 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:55 2006
Subject: Strange problem
Message-ID:

Tim Sailer wrote on Sun, 19 Sep 2004 09:42:01 -0400:

> How do I whitelist that?
>

Tell Exim to put the IP in. (Sorry, I don't know how.)

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From maillists at CONACTIVE.COM Sun Sep 19 19:36:43 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:55 2006
Subject: figures about traffic per domain
Message-ID:

J wrote on Sun, 19 Sep 2004 14:20:37 +0100:

> Does anyone know any tips, tricks, methods or software for this?
>

The sendmail logs list the size of each message. You know this is OT? You should ask on a list/group relevant to your mail server.
Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From maillists at CONACTIVE.COM Sun Sep 19 19:36:44 2004
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:26:55 2006
Subject: Blacklist and entire server
Message-ID:

Matt Krause wrote on Fri, 17 Sep 2004 10:52:42 -0700:

> So what if that server hostname hosts multiple mail domain names and I
> want to blacklist the entire dns domain name? I thought the
> *@server.you.want was only for mail domain names? Thanks.
>

It's not clear at all what you mean. You can blacklist the name the mailserver is using at MTA level. Since usually a machine uses only one hostname for this you got it.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From jonas.back at pin.se Sun Sep 19 22:24:47 2004
From: jonas.back at pin.se (Jonas Back)
Date: Thu Jan 12 21:26:55 2006
Subject: SV: Strange corrupted postfix queue file
Message-ID:

Thanx Julian!

Seems like it made the queue more healthy :)

Will the patch go into .34 ?
Cheers,
Jonas

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: 14 September 2004 09:44
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Strange corrupted postfix queue file
>
>
> At 23:03 13/09/2004, you wrote:
> >Cheers,
> >
> >I've got Mailscanner 4.33.3-2 and postfix 2.1.4-5 running fine and
> >working very good. Well.. I thought so anyway.
> >
> >I have now found some corrupted messages in /var/spool/postfix/corrupt
>
> Please try the attached patch.
>

From mailscanner at WEALDCLOSE.CO.UK Sun Sep 19 23:48:29 2004
From: mailscanner at WEALDCLOSE.CO.UK (Kristian Shaw)
Date: Thu Jan 12 21:26:55 2006
Subject: Which hardware do you use? - Also "Should one scan interanlly sourced mail for spam?"
Message-ID:

Hello,

I can't see much reason checking for spam but perhaps the MCP functions might be useful to stop offensive content being transmitted internally.

Kris.

----- Original Message -----
From: "Pentland G."
To:
Sent: Sunday, September 19, 2004 4:17 AM
Subject: Re: Which hardware do you use? - Also "Should one scan interanlly sourced mail for spam?"

>
> I'd like to ask anyone with an opinion... Do you think I should scan internally originating mail for spam?
>
> I work on the assumption that any host sending a significant quantity of mail will be picked by other means and most hosts that do send loads of mail are sending virii not spam.
>
> Hope this is of interest and any opinions welcome,
>
> Gary

From mailscanner at BARENDSE.TO Mon Sep 20 08:51:48 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:55 2006
Subject: Feature request install-Clam-SA
Message-ID:

Hi!

For the rpm version there is an option in the install script not to install clamav.

As the rpm install fails miserably on my RHEL rebuild box (due to a sheer unendless dependency problem) I install using the tarball version. I use clamav from rpm however and don't want to overwrite it.

Could we have the --noclam option on the tarball version too?

Thx!!

From mailscanner at ecs.soton.ac.uk Mon Sep 20 08:53:24 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:55 2006
Subject: SV: Strange corrupted postfix queue file
Message-ID:

At 22:24 19/09/2004, you wrote:
>Thanx Julian!
>
>Seems like it made the queue more healthy :)
>
>Will the patch go into .34 ?

Yes. It's already in the latest beta, I believe.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at BARENDSE.TO Mon Sep 20 08:58:47 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:55 2006
Subject: Feature request install-Clam-SA
Message-ID:

Grr, sorry for replying to my own post, I posted too soon. 2 further questions/issues.

Whenever I re-run the install script it nicely detects what is installed or not and simply installs the missing bits, with the exception of one package.

Checking if your kit is complete...
Looks good
Writing Makefile for Text::Balanced
cp lib/Text/Balanced.pm blib/lib/Text/Balanced.pm
Manifying blib/man3/Text::Balanced.3pm
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/extbrk....ok
t/extcbk....ok
t/extdel....ok
t/extmul....ok
t/extqlk....ok
t/exttag....ok
t/extvar....ok
t/gentag....ok
All tests successful.
Files=8, Tests=552, 0 wallclock secs ( 0.44 cusr + 0.02 csys = 0.46 CPU)
Writing /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Text/Balanced/.packlist
Appending installation info to /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod

There are no errors in the above yet it keeps installing. Is this intended behaviour?

Finally, with all the release candidates of SpamAssassin, the install script only looks at the major version number and doesn't recognize release candidate versions. Just a remark :)

On Mon, 20 Sep 2004, Remco Barendse wrote:

> Hi!
>
> For the rpm version there is an option in the install script not to
> install clamav.
>
> As the rpm install fails miserably on my RHEL rebuild box (due to a
> sheer unendless dependency problem) I install using the tarball version.
> I use clamav from rpm however and don't want to overwrite it.
>
> Could we have the --noclam option on the tarball version too?
>
> Thx!!
>

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 20 10:25:27 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:55 2006
Subject: Heads up
Message-ID:

Julian Field wrote:
>
>> It is therefore quite possible that there will be a new major virus
>> outbreak some time in the near future.
>>

no change there then....

there will be weather tomorrow, the sun will rise and there's a new major virus outbreak about to happen...

sorry - only 1.5 coffees so far this morning and lots of stuff needs fixing and I'm on my own for the moment...

big :-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From drew at THEMARSHALLS.CO.UK Mon Sep 20 12:34:30 2004
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:26:55 2006
Subject: New Guy - Bayes, MS MTRG help please?
Message-ID:

On Sat, September 18, 2004 20:21, Kevin Spicer said:

> I certainly am. MSMRTG has been supporting postfix and exim for quite a
> while now - in fact it was one of the first new features added when I
> started maintaining it (I didn't actually write the postfix stuff
> support though, Jesse Lang gets the credit for that).

/Pleased to be (And stands!) corrected :-)

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From mkehler at WRHA.MB.CA Mon Sep 20 13:23:58 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

When running Mailscanner (4.24-5) with Spamassassin (2.60), do you have to restart MS when putting rules into /etc/mai/spamassassin, or does it dynamically pick them up?
thanks
Matt

This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original.

This e-mail and any document in this transmission is intended for the person or persons to whom it is addressed. It may contain privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you are not the intended recipient of this message, please notify the sender immediately and return the original to them.

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 20 13:34:12 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

Matt

each of the child processes restarts every so often (see setting on MailScanner.conf). When it restarts it will pick up the new files.

If you need an immediate pick up of the new/modified rules then you need to restart MailScanner.

BTW both MS and SA you have are quite old, and there are issues with MS at this version, picking up zip base viruses and a known DOS problem with that version of SA.
You might find it worthwhile upgrading both to the latest stable versions (4.32 and 2.64 respectively)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Kehler wrote:
> When running Mailscanner (4.24-5) with Spamassassin (2.60), do you have to restart MS when putting rules into /etc/mai/spamassassin, or does it dynamically pick them up?
>
> thanks
> Matt

From mkehler at WRHA.MB.CA Mon Sep 20 13:36:26 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

Thanks Martin. Is it recommended to update MS or SA first? Or doesn't it matter? Best method of upgrading?

thx
Matt

>>> martinh@SOLID-STATE-LOGIC.COM 09/20/04 07:34AM >>>
Matt

each of the child processes restarts every so often (see setting on
MailScanner.conf). When it restarts it will pick up the new files.

If you need an immediate pick up of the new/modified rules then you need
to restart MailScanner.

BTW both MS and SA you have are quite old, and there are issues with MS
at this version, picking up zip base viruses and a known DOS problem
with that version of SA.

You might find it worthwhile upgrading both to the latest stable
versions (4.32 and 2.64 respectively)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Kehler wrote:
> When running Mailscanner (4.24-5) with Spamassassin (2.60), do you have to restart MS when putting rules into /etc/mai/spamassassin, or does it dynamically pick them up?
>
> thanks
> Matt

From rob at THEHOSTMASTERS.COM Mon Sep 20 13:40:00 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:55 2006
Subject: Damm mortage and software spam
Message-ID:

I still get those darn emails...

are these spammers good, or is it just by fluke they're getting by
mailscanner??

Does anyone else have this issue...

There are usually email for medical stuff and it's only a graphic with a
remove link on the bottom of the page
Also the subject always has "meeting friday at 7-00"

Any help appreciated

Rob....

----- Original Message -----
From: "Rob"
To:
Sent: Friday, September 17, 2004 1:16 PM
Subject: Re: Damm mortage and software spam

> Ok I added all those rules....
>
> Let see what happens now....
>
> :)
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Robin, Rob"
> To:
> Sent: Friday, September 17, 2004 10:42 AM
> Subject: Re: Damm mortage and software spam
>
>
>> Rob,
>>
>> It's there: http://www.rulesemporium.com/rules.htm
>> There should be rules for OEM software over there. Read the
>> description.
>>
>> I first tested it by downloading all the rules (except the
>> bigevil). Some of them are overly aggressive. Sending an attachment using
>> a
>> IncrediMail will make it spam.
>> (some of our customers like using
>> IncrediMail, their html and stuff can't be flagged as spam in my
>> scenario).
>>
>> I have narrowed it down to using:
>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>
>>
>> Thanks,
>> ------------------------
>> Rob Robin
>> Network Analyst
>> Green Apple, Inc.
>> 740-653-9890
>> rrobin@greenapple.com
>> www.greenapple.com
>> Internet access, hosting and development solutions since 1995.
>>
>>
>> -----Original Message-----
>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>> Sent: Wednesday, September 15, 2004 10:43 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Damm mortage and software spam
>>
>>
>> I do not see these rules on www.rulesemporium.com where are they?
>>
>> And after I added rules from www.rulesemporium.com I still get these
>> irritating emails with subject "your meeting on"
>>
>> and it has just a graphic and a remove link
>>
>> URGH!
>>
>> Rob....
>>
>>
>>
>> ----- Original Message -----
>> From: "Steve Mason"
>> To:
>> Sent: Wednesday, September 15, 2004 9:49 AM
>> Subject: Re: Damm mortage and software spam
>>
>>
>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>> software messages.
>>> I haven't seen any mortgage messages yet...
>>>
>>> Steve
>>>
>>>>I keep getting spam from mortgage and software sales.....
>>>>Anyone have a tip for not letting these guys through?
>>>>I can send headers, but last 2 times I did my email never got through to
>>>>the list, I guess cuz the mail server thought it was spam..
>>>
>>>>Rob....

From EGTSWNZXKEEC at SPAMMOTEL.COM Mon Sep 20 13:42:35 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:55 2006
Subject: ClamAV found Virus but not recognised by Mailscanner
Message-ID:

Hi.

Having the following problem.

Mailscanner 4.33.3.1 with Clamav 0.75.1 installed. When sending a testmail with a virus Clamav found it but MailScanner says that no infection was found.
Mail.info shows the following entries:

Sep 20 14:23:16 xxxx MailScanner[22128]: Virus and Content Scanning: Starting
Sep 20 14:23:16 xxxx MailScanner[22128]: /mnt/data/spool/MailScanner/incoming/22128/./1C9NCK-0005lp-UO/message_part2.txt: Worm.SomeFool.Gen-1 FOUND
Sep 20 14:23:16 xxxx MailScanner[22128]: Virus Scanning: ClamAV found 1 infections
Sep 20 14:23:16 xxxx MailScanner[22128]: Virus Scanning: Found 1 viruses
Sep 20 14:23:16 xxxx MailScanner[22128]: Uninfected: Delivered 1 messages

When switching to F-Prot it workstation problem

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 20 13:50:01 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:55 2006
Subject: Damm mortage and software spam
Message-ID:

Rob

OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
guys you need...

see their web page for installation instructions...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> I still get those darn emails...
>
> are these spammers good, or is it just by fluke they're getting by
> mailscanner??
>
> Does anyone else have this issue...
>
> There are usually email for medical stuff and it's only a graphic with a
> remove link on the bottom of the page
> Also the subject always has "meeting friday at 7-00"
>
> Any help appreciated
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Rob"
> To:
> Sent: Friday, September 17, 2004 1:16 PM
> Subject: Re: Damm mortage and software spam
>
>
>> Ok I added all those rules....
>>
>> Let see what happens now....
>>
>> :)
>>
>> Rob....
>>
>>
>>
>> ----- Original Message -----
>> From: "Robin, Rob"
>> To:
>> Sent: Friday, September 17, 2004 10:42 AM
>> Subject: Re: Damm mortage and software spam
>>
>>
>>> Rob,
>>>
>>> It's there: http://www.rulesemporium.com/rules.htm
>>> There should be rules for OEM software over there. Read the
>>> description.
>>>
>>> I first tested it by downloading all the rules (except the
>>> bigevil). Some of them are overly aggressive. Sending an attachment using
>>> a
>>> IncrediMail will make it spam. (some of our customers like using
>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>> scenario).
>>>
>>> I have narrowed it down to using:
>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>
>>>
>>> Thanks,
>>> ------------------------
>>> Rob Robin
>>> Network Analyst
>>> Green Apple, Inc.
>>> 740-653-9890
>>> rrobin@greenapple.com
>>> www.greenapple.com
>>> Internet access, hosting and development solutions since 1995.
>>>
>>>
>>> -----Original Message-----
>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>> Subject: Re: Damm mortage and software spam
>>>
>>>
>>> I do not see these rules on www.rulesemporium.com where are they?
>>>
>>> And after I added rules from www.rulesemporium.com I still get these
>>> irritating emails with subject "your meeting on"
>>>
>>> and it has just a graphic and a remove link
>>>
>>> URGH!
>>>
>>> Rob....
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Steve Mason"
>>> To:
>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>
>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>> software messages.
>>>> I haven't seen any mortgage messages yet...
>>>>
>>>> Steve
>>>>
>>>>> I keep getting spam from mortgage and software sales.....
>>>>> Anyone have a tip for not letting these guys through?
>>>>> I can send headers, but last 2 times I did my email never got
>>>>> through to
>>>>> the list, I guess cuz the mail server thought it was spam..
>>>>
>>>>
>>>>> Rob....

From martinh at SOLID-STATE-LOGIC.COM Mon Sep 20 13:51:34 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

Matt

either, but I'd do one at a time, and make sure the thing is stable before
you do the next...

As to method - depends on how you installed MS in the first place...but
I think there are problems doing the SA from RPM, cpan or source is best.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Kehler wrote:
> Thanks Martin. Is it recommended to update MS or SA first? Or doesn't it matter? Best method of upgrading?
>
> thx
> Matt
>
> >>> martinh@SOLID-STATE-LOGIC.COM 09/20/04 07:34AM >>>
>
> Matt
>
> each of the child processes restarts every so often (see setting on
> MailScanner.conf). When it restarts it will pick up the new files.
>
> If you need an immediate pick up of the new/modified rules then you need
> to restart MailScanner.
>
> BTW both MS and SA you have are quite old, and there are issues with MS
> at this version, picking up zip base viruses and a known DOS problem
> with that version of SA.
>
> You might find it worthwhile upgrading both to the latest stable
> versions (4.32 and 2.64 respectively)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Matt Kehler wrote:
>
>>When running Mailscanner (4.24-5) with Spamassassin (2.60), do you have to restart MS when putting rules into /etc/mai/spamassassin, or does it dynamically pick them up?
>>
>>thanks
>>Matt

From Kevin.Spicer at BMRB.CO.UK Mon Sep 20 14:04:23 2004
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:26:55 2006
Subject: ClamAV found Virus but not recognised by Mailscanner
Message-ID:

> Sep 20 14:23:16 xxxx MailScanner[22128]: /mnt/data/spool/MailScanner/incoming/22128/./1C9NCK-0005lp-UO/message_part2.txt: Worm.SomeFool.Gen-1 FOUND

Do you have any symlinks in that path? E.g. in mailscanner.conf does it say /mnt/data/spool/MailScanner/incoming or is it perhaps /var/spool/MailScanner/incoming ? You must use the real path, not a symlinked one.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 20 14:37:07 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

> Thanks Martin. Is it recommended to update MS or SA first?
> Or doesn't it matter? Best method of upgrading?

It doesn't really matter which order you upgrade in.
While you are at it you should look at adding in the spamcop URI plugin so you can use SURBL

M

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From EGTSWNZXKEEC at SPAMMOTEL.COM Mon Sep 20 14:47:34 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:55 2006
Subject: ClamAV found Virus but not recognised by Mailscanner
Message-ID:

>> Do you have any symlinks in that path?

Yes. Pointing to the real path solves the problem. Thanks for that hint. I thought that McAfee was the only one having problems with symlinks.

Regards,
Frank

From mynamewasgone at gmail.com Mon Sep 20 15:01:07 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:55 2006
Subject: custom SA rules and MS?
Message-ID:

On Mon, 20 Sep 2004 07:36:26 -0500, Matt Kehler wrote:
> Thanks Martin. Is it recommended to update MS or SA first? Or doesn't it matter? Best method of upgrading?

If you're going to move straight to spamassassin 3, out real soon now, you'll want to upgrade mailscanner first, as support for spamassassin 3 wasn't added until 4.30.

The MAQ has a section on upgrading here, http://www.mailscanner.biz/maq/#Howtoupgrade. Personally I prefer to stop MailScanner before running an upgrade, I just leave the incoming sendmail running, it shouldn't really matter though, unless one of your children happens to respawn while you're upgrading.

Regards,

From EGTSWNZXKEEC at SPAMMOTEL.COM Mon Sep 20 15:46:45 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:55 2006
Subject: ClamAV autoupdate fails
Message-ID:

Autoupdate for ClamAV fails. When calling freshclam directly from the shell I got the following messages:

ClamAV update process started at Mon Sep 20 16:43:50 2004
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./clamav-6b870e778763be98 to write
open: Permission denied
ERROR: Can't download main.cvd from 212.162.12.159

Any idea what could be wrong ?

Thanks for any hints.

Regards,
Frank.
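
Added example, not part of any message in this archive: for the thread "ClamAV found Virus but not recognised by Mailscanner" above, this sketch checks a configured work directory for symlinked components and lists scanner FOUND log lines whose path lies outside that directory. The function names are hypothetical, `Incoming Work Dir` is assumed to be the MailScanner.conf setting the reply refers to, and the configuration and log samples are constructed.

```python
import os
import re

# Assumption: "Incoming Work Dir" is the MailScanner.conf setting that holds the
# path the reply in the thread asks about. Commented-out lines are ignored.
WORKDIR_RE = re.compile(r"^[ \t]*Incoming Work Dir[ \t]*=[ \t]*(\S+)", re.M | re.I)

# Scanner report lines in the shape shown in the posted syslog excerpt:
#   ... MailScanner[PID]: /absolute/path/to/file: Signature.Name FOUND
FOUND_RE = re.compile(r"MailScanner\s*\[(\d+)\]:\s+(/.+?):\s+(\S+)\s+FOUND\s*$")

# Constructed sample input (host name and queue id are placeholders).
SAMPLE_CONF = """\
# Set where to unpack incoming messages before scanning them
Incoming Work Dir = /var/spool/MailScanner/incoming
"""

SAMPLE_LOG = """\
Sep 20 14:23:16 mx1 MailScanner[22128]: Virus and Content Scanning: Starting
Sep 20 14:23:16 mx1 MailScanner[22128]: /mnt/data/spool/MailScanner/incoming/22128/./1AbCdE-000001-XY/message_part2.txt: Worm.SomeFool.Gen-1 FOUND
Sep 20 14:23:16 mx1 MailScanner[22128]: Virus Scanning: ClamAV found 1 infections
Sep 20 14:23:16 mx1 MailScanner[22128]: Virus Scanning: Found 1 viruses
Sep 20 14:23:16 mx1 MailScanner[22128]: Uninfected: Delivered 1 messages
"""


def configured_work_dir(conf_text):
    """Return the configured work directory, or None if the setting is absent."""
    match = WORKDIR_RE.search(conf_text)
    return match.group(1) if match else None


def symlinked_components(path):
    """Return every prefix of an absolute path that is itself a symbolic link."""
    links = []
    current = os.sep
    for part in os.path.normpath(path).split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        if os.path.islink(current):
            links.append(current)
    return links


def findings_outside_work_dir(log_text, work_dir):
    """List (pid, path, signature) for FOUND lines not under work_dir.

    A hit means the scanner reported a different (resolved) path than the one
    in the configuration, which is the situation diagnosed in the thread.
    """
    base = os.path.normpath(work_dir) + os.sep
    hits = []
    for line in log_text.splitlines():
        match = FOUND_RE.search(line)
        if not match:
            continue
        pid, path, signature = match.groups()
        path = os.path.normpath(path)  # drops the "/./" seen in the log
        if not (path + os.sep).startswith(base):
            hits.append((int(pid), path, signature))
    return hits


def audit(conf_text, log_text):
    """Combine both checks for one configuration and one log excerpt."""
    work_dir = configured_work_dir(conf_text)
    if work_dir is None:
        return {"work_dir": None, "symlinks": [], "outside": []}
    return {
        "work_dir": work_dir,
        "symlinks": symlinked_components(work_dir),
        "outside": findings_outside_work_dir(log_text, work_dir),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONF, SAMPLE_LOG)
    print("configured work dir:", report["work_dir"])
    print("symlinked components on this host:", report["symlinks"])
    for pid, path, signature in report["outside"]:
        print("PID %d: %s reported under %s" % (pid, signature, path))
```

Run against the real MailScanner.conf and mail log, a non-empty result from either check points at the symlink mismatch that was fixed in the thread by configuring the real path.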

From ssilva at SGVWATER.COM Mon Sep 20 16:19:52 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:55 2006
Subject: RBL checks not being done?
Message-ID:

Matt Kehler wrote:
>>>>rich@MAIL.WVNET.EDU 09/16/04 10:31AM >>>
>
> Matt Kehler wrote:
>
>
>>>>>mailscanner@ECS.SOTON.AC.UK 09/16/04 09:15AM >>>
>>>>>
>>>>>
>>At 14:26 16/09/2004, you wrote:
>>
>>
>>
>>>I have 2 seemingly identical servers running MS 4.24-5. I have Spam List =
>>>ORDB-RBL SBL+XBL in the config for both. Only one is using it. The other
>>>server's maillog never shows anything pertaining to RBL whatsoever.
>>>Everything else seems to work fine.
>>>
>>>
>>
>
> Fixed? Maybe...
>
> Either way, I think I'm on the right path. I tried to put the RBL directly into sendmail to ensure that it was working there..it wasn't. No errors, just couldn't even see it trying. Huh? So I took a closer look at my sendmail.mc file... I ended up taking OUT the below line, and now RBL checking works from within sendmail. But I still don't see MailScanner trying to do RBL's. Or will it only display a RBL line from within the MailScanner logging if it was *rejected*? In that case, its most likely fixed; I'll just take the RBL out of sendmail.mc and rebuilt/restart. Hopefully then I'll see MS start doing the checks.
>
> ## took this out!!!
> Other DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

You just need to remove the address part like this:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')

From brent.bolin at gmail.com Mon Sep 20 16:22:15 2004
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 12 21:26:55 2006
Subject: How do I turn these warnings off
Message-ID:

That is NOT what I want.
Do not want any notifications to go to receiver or sender, just postmaster. Notify Senders = no Still Deliver Silent Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = no Notify Senders Of Other Blocked Content = no I don't see an option for Notify Receivers = no btb On Mon, 20 Sep 2004 16:15:41 +0100, Michele Neylon:: Blacknight Solutions wrote: > > Hi All, > > > > Thought I had turned all warnings off except to postmaster. > > I don't want to send notices to either the sender or receiver. > > > > # Notify the local system administrators ("Notices To") when > > any infections # are found? > > # This can also be the filename of a ruleset. > > Send Notices = yes > > > Change it to > Send Notices = no > > -- > Email scanned by Blacknight for viruses and dangerous content. > Visit http://www.blacknight.ie for more information > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ssilva at SGVWATER.COM Mon Sep 20 16:30:33 2004 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:26:55 2006 Subject: Damm mortage and software spam Message-ID: --Snip > Rob wrote: > >> I still get those darn emails... >> >> are these spammers good, or is it just by fluke their getting by >> mailscanner?? >> >> Does anyone else have this issue... >> --Snip I think the really "good" spammers are probably spending as much time testing their crap against some of the best systems out there as we spend trying to block it! I am starting to think we will never block it all. I wonder if the indians had this problem with smoke signals! 
(Darn snake oil salesmen)
From ricardo.canavate at nozar.es Mon Sep 20 16:45:19 2004 From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate) Date: Thu Jan 12 21:26:55 2006 Subject: SpamAssassin & Bayes? Message-ID:
How can I set up Bayes with SpamAssassin? I haven't got great knowledge but I think that it's good to stop the spam. Thanks in advance.
Ricardo Luis Cañavate García Dpto. de Informática NOZAR Grupo Inmobiliario Tel: 91 758 96 30 | Fax: 91 559 85 82 www.nozar.es
=========================================================================
You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know.
This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. ======================================================================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jaearick at COLBY.EDU Mon Sep 20 16:52:04 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:26:55 2006 Subject: OT: RBL+ broken? Message-ID: Gang, I noticed that yesterday's blockage at our site due to our usage of RBL+ dropped from its usual 7000+ messages/per day down to 17. Upon investigation, I found that the zone file that has been transferring from them for RBL+ is now very small (11KB). I've attempted to contact them without success so far. Anybody know what is going on with RBL+? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dustin.baer at IHS.COM Mon Sep 20 16:52:44 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:55 2006 Subject: ClamAV found Virus but not recognised by Mailscanner Message-ID: Frank wrote: >Hi. > >Having the following problem. >Mailscanner 4.33.3.1 with Clamav 0.75.1 installed. 
When sending a testmail >with a virus Clamav found it but MailScanner says that no infection was >found. Mail.info shows the followin entries: > > >[22128]: /mnt/data/spool/MailScanner/incoming/22128/./1C9NCK-0005lp- >UO/message_part2.txt: Worm.SomeFool.Gen-1 FOUND > > >Sep 20 14:23:16 xxxx MailScanner[22128]: Virus Scanning: Found 1 viruses > > >Sep 20 14:23:16 xxxx MailScanner[22128]: Uninfected: Delivered 1 messages > > What exactly to you mean? The first entry is ClamAV's notice of the virus. The second entry is MailScanner's notice that a virus was found. The third entry is MailScanner's notice that the cleaned (virus removed and replaced with Attachment-Warning) message was delivered. Dustin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkettler at EVI-INC.COM Mon Sep 20 17:02:44 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:26:55 2006 Subject: OT: RBL+ broken? Message-ID: At 11:52 AM 9/20/2004, Jeff A. Earickson wrote: >Gang, > I noticed that yesterday's blockage at our site due to our >usage of RBL+ dropped from its usual 7000+ messages/per day down to >17. Upon investigation, I found that the zone file that has >been transferring from them for RBL+ is now very small (11KB). >I've attempted to contact them without success so far. Anybody >know what is going on with RBL+? No idea.. They were bought out in August. Perhaps they decided to drop the "free for .edu's" policy? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From ricardo.canavate at nozar.es Mon Sep 20 17:07:54 2004 From: ricardo.canavate at nozar.es (Ricardo Luis CaXavate) Date: Thu Jan 12 21:26:56 2006 Subject: Problems with RAR files Message-ID: Hi, I'm trying to test my box with rar files and this is the output of the maillog. Sep 17 14:44:18 servnozar MailScanner[25544]: Virus and Content Scanning: Starting Sep 17 14:44:21 servnozar MailScanner[25557]: New Batch: Found 2 messages waiting Sep 17 14:44:21 servnozar MailScanner[25557]: New Batch: Scanning 1 messages, 7175 bytes Sep 17 14:44:23 servnozar MailScanner[25544]: ProcessClamAVOutput: RAR module failure. Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput: RAR module failure. Sep 17 14:44:24 servnozar MailScanner[25544]: UNRAR 3.40 beta 1 freeware Copyright (c) 1993-2004 Alexander Roshal Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "UNRAR 3.40 beta 1 freeware Copyright (c) 1993-2004 Alexander Roshal". Please contact the authors! Sep 17 14:44:24 servnozar MailScanner[25544]: Extracting from /tmp/clamav-55e0785da9cbc2a9/Connectix_Virtual_Game_Station_1.4.1_Windows_XP .rar Sep 17 14:44:25 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting from /tmp/clamav-55e0785da9cbc2a9/Connectix_Virtual_Game_Station_1.4.1_Windows_XP .rar". Please contact the authors! Sep 17 14:44:25 servnozar MailScanner[25544]: Extracting Connectix VGS Read Me.txt ^H^H^H^H 0%^H^H^H^H^H OK Sep 17 14:44:25 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting Connectix VGS Read Me.txt ^H^H^H^H 0%^H^H^H^H^H OK ". Please contact the authors! 
Sep 17 14:44:25 servnozar MailScanner[25544]: Extracting Connectix VGS.exe ^H^H^H^H 2%^H^H^H^H 4%^H^H^H^H 6%^H^H^H^H 8%^H^H^H^H 10%^H^H^H^H 13%^H^H^H^H 15%^H^H^H^H 17%^H^H^H^H 19%^H^H^H^H 21%^H^H^H^H 23%^H^H^H^H 26%^H^H^H^H 28%^H^H^H^H 30%^H^H^H^H 32%^H^H^H^H 34%^H^H^H^H 36%^H^H^H^H 38%^H^H^H^H 41%^H^H^H^H 43%^H^H^H^H 45%^H^H^H^H 47%^H^H^H^H 49%^H^H^H^H 51%^H^H^H^H 52%^H^H^H^H^H OK Sep 17 14:44:25 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting Connectix VGS.exe ^H^H^H^H 2%^H^H^H^H 4%^H^H^H^H 6%^H^H^H^H 8%^H^H^H^H 10%^H^H^H^H 13%^H^H^H^H 15%^H^H^H^H 17%^H^H^H^H 19%^H^H^H^H 21%^H^H^H^H 23%^H^H^H^H 26%^H^H^H^H 28%^H^H^H^H 30%^H^H^H^H 32%^H^H^H^H 34%^H^H^H^H 36%^H^H^H^H 38%^H^H^H^H 41%^H^H^H^H 43%^H^H^H^H 45%^H^H^H^H 47%^H^H^H^H 49%^H^H^H^H 51%^H^H^H^H 52%^H^H^H^H^H OK ". Please contact the authors! Sep 17 14:44:25 servnozar MailScanner[25544]: Extracting cvgs_nt.dll ^H^H^H^H 52%^H^H^H^H^H OK Sep 17 14:44:25 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting cvgs_nt.dll ^H^H^H^H 52%^H^H^H^H^H OK ". Please contact the authors! Sep 17 14:44:26 servnozar MailScanner[25544]: Extracting ddvgs.dll ^H^H^H^H 53%^H^H^H^H^H OK Sep 17 14:44:26 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting ddvgs.dll ^H^H^H^H 53%^H^H^H^H^H OK ". Please contact the authors! Sep 17 14:44:26 servnozar MailScanner[25544]: Extracting readme.txt ^H^H^H^H 53%^H^H^H^H^H OK Sep 17 14:44:26 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting readme.txt ^H^H^H^H 53%^H^H^H^H^H OK ". Please contact the authors! Sep 17 14:44:26 servnozar MailScanner[25544]: Extracting vgs.reg ^H^H^H^H 53%^H^H^H^H^H OK Sep 17 14:44:26 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting vgs.reg ^H^H^H^H 53%^H^H^H^H^H OK ". Please contact the authors! 
Sep 17 14:44:27 servnozar MailScanner[25544]: Extracting VGSVideoPatchXP.exe ^H^H^H^H 55%^H^H^H^H^H OK
Sep 17 14:44:27 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting VGSVideoPatchXP.exe ^H^H^H^H 55%^H^H^H^H^H OK ". Please contact the authors!
Sep 17 14:44:27 servnozar MailScanner[25544]: Extracting Connectix VGS 1.4.ex$ ^H^H^H^H 57%^H^H^H^H 60%^H^H^H^H 62%^H^H^H^H 64%^H^H^H^H 66%^H^H^H^H 68%^H^H^H^H 70%^H^H^H^H 73%^H^H^H^H 75%^H^H^H^H 77%^H^H^H^H 79%^H^H^H^H 81%^H^H^H^H 83%^H^H^H^H 85%^H^H^H^H 88%^H^H^H^H 90%^H^H^H^H 92%^H^H^H^H 94%^H^H^H^H 96%^H^H^H^H 98%^H^H^H^H 99%^H^H^H^H^H OK
Sep 17 14:44:27 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting Connectix VGS 1.4.ex$ ^H^H^H^H 57%^H^H^H^H 60%^H^H^H^H 62%^H^H^H^H 64%^H^H^H^H 66%^H^H^H^H 68%^H^H^H^H 70%^H^H^H^H 73%^H^H^H^H 75%^H^H^H^H 77%^H^H^H^H 79%^H^H^H^H 81%^H^H^H^H 83%^H^H^H^H 85%^H^H^H^H 88%^H^H^H^H 90%^H^H^H^H 92%^H^H^H^H 94%^H^H^H^H 96%^H^H^H^H 98%^H^H^H^H 99%^H^H^H^H^H OK ". Please contact the authors!
Sep 17 14:44:29 servnozar MailScanner[25557]: Virus and Content Scanning: Starting
Sep 17 14:44:37 servnozar MailScanner[25544]: Uninfected: Delivered 1 messages
Thanks for all your help.
Ricardo Luis Cañavate García Dpto. de Informática NOZAR Grupo Inmobiliario Tel: 91 758 96 30 | Fax: 91 559 85 82 www.nozar.es
=========================================================================
You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know. This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it.
=======================================================================
From dustin.baer at IHS.COM Mon Sep 20 17:12:49 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:56 2006 Subject: OT: RBL+ broken? Message-ID: Jeff A. Earickson wrote: > Gang, > I noticed that yesterday's blockage at our site due to our > usage of RBL+ dropped from its usual 7000+ messages/per day down to > 17. Upon investigation, I found that the zone file that has > been transferring from them for RBL+ is now very small (11KB). > I've attempted to contact them without success so far. Anybody > know what is going on with RBL+?
> > Jeff Earickson > Colby College My last transfer of RBL+ was 10:10 Mountain time. Much bigger than 11KB: -rw-r--r-- 1 root root 80836666 Sep 20 10:10 rbl-plus.mail-abuse.org Dustin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From brent.bolin at gmail.com Mon Sep 20 17:18:13 2004 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:26:56 2006 Subject: How do I turn these warnings off Message-ID: On Mon, 20 Sep 2004 10:10:53 -0600, Dustin Baer wrote: > > > BB wrote: > > >Hi All, > > > >Thought I had turned all warnings off except to postmaster. I don't > >want to send notices to either the sender or receiver. > > > ># Notify the local system administrators ("Notices To") when any infections > ># are found? > ># This can also be the filename of a ruleset. > >Send Notices = yes > > > >Receivers are still getting warnings. I think it only sends warnings > >on file attachments - > > > Try this: > > # Still deliver (after cleaning) messages that contained viruses listed > # in the above option ("Silent Viruses") to the recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming virus > # warnings. > # > # Note: Once you have deployed this into "production" use, you should set > # Note: this option to "no" so you don't bombard thousands of people with > # Note: useless messages they don't want! > # > # This can also be the filename of a ruleset. 
> Still Deliver Silent Viruses = no > > Dustin Its already set to this ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From raymond at PROLOCATION.NET Mon Sep 20 17:21:02 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:26:56 2006 Subject: Problems with RAR files Message-ID: Hi! > module failure. > Sep 17 14:44:24 servnozar MailScanner[25544]: UNRAR 3.40 beta 1 freeware > Copyright (c) 1993-2004 Alexander Roshal > Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput: > unrecognised line "UNRAR 3.40 beta 1 freeware Copyright (c) 1993-2004 > Alexander Roshal". Please contact the authors! > Sep 17 14:44:24 servnozar MailScanner[25544]: Extracting from > /tmp/clamav-55e0785da9cbc2a9/Connectix_Virtual_Game_Station_1.4.1_Windows_XP > .rar > Sep 17 14:44:25 servnozar MailScanner[25544]: ProcessClamAVOutput: > unrecognised line "Extracting from > /tmp/clamav-55e0785da9cbc2a9/Connectix_Virtual_Game_Station_1.4.1_Windows_XP > .rar". Please contact the authors! This is something with ClamAV and RAR, please ask on a Clam mailinglist ? Most likely a version problem of the RAR archive. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
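The maillog excerpts quoted earlier in this archive (the unrar progress lines echoed as "unrecognised line", and the `Worm.SomeFool.Gen-1 FOUND` sequence) can be triaged mechanically. The sketch below is an added example, not MailScanner's own code: its regexes and the names `clean`, `classify` and `triage` are assumptions of the example, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Syslog prefix: "Sep 17 14:44:24 host MailScanner[25544]: message"
SYSLOG = re.compile(r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s'
                    r'MailScanner\[(?P<pid>\d+)\]:\s(?P<msg>.*)$')
# unrar progress meter: backspaces (raw or in caret notation) plus "NN%"
PROGRESS = re.compile(r'(?:\^H|\x08)+(?:\s*\d{1,3}%)?')
# Banner and per-file lines printed by the external unrar binary
UNRAR = re.compile(r'^(?:UNRAR \d|Extracting\s)')

# First match wins. These patterns are this example's own, not MailScanner's.
RULES = [
    ('parser_noise', re.compile(r'^ProcessClamAVOutput: unrecognised line '
                                r'"?(?P<q>.*?)"?(?:\. Please contact the authors!)?$')),
    ('module_failure', re.compile(r'^ProcessClamAVOutput: .*module failure')),
    ('detection', re.compile(r'^(?P<path>\S.*): (?P<sig>\S+) FOUND$')),
    ('scan_summary', re.compile(r'^Virus Scanning: Found (?P<n>\d+) viruses')),
    ('delivered', re.compile(r'^Uninfected: Delivered (?P<n>\d+) messages')),
    ('unrar_output', UNRAR),
]


def clean(msg):
    """Drop the progress meter and collapse the whitespace it leaves behind."""
    return re.sub(r'\s+', ' ', PROGRESS.sub('', msg)).strip()


def classify(line):
    """Return (kind, fields) for one maillog line."""
    m = SYSLOG.match(line)
    if not m:
        return 'not_mailscanner', {}
    msg = clean(m['msg'])
    for kind, rx in RULES:
        hit = rx.search(msg)
        if hit:
            return kind, {'pid': m['pid'], 'msg': msg, **hit.groupdict()}
    return 'other', {'pid': m['pid'], 'msg': msg}


def triage(lines):
    """Separate benign unrar echo from lines that deserve a second look."""
    counts, detections, unexplained = Counter(), [], []
    flagged = Counter()  # pid -> viruses MailScanner itself reported
    for line in lines:
        kind, f = classify(line)
        counts[kind] += 1
        if kind == 'detection':
            detections.append((f['pid'], f['sig'], f['path']))
        elif kind == 'scan_summary':
            flagged[f['pid']] += int(f['n'])
        elif kind == 'parser_noise' and not UNRAR.search(f['q'].strip()):
            unexplained.append(f['q'].strip())  # not unrar chatter
    # Scanner said FOUND but the same child never logged a virus count
    missed = [d for d in detections if flagged[d[0]] == 0]
    return {'counts': counts, 'detections': detections,
            'unexplained': unexplained, 'missed': missed}


# Sample lines adapted from the excerpts in this archive; timestamps on the
# FOUND line and the last two entries are constructed for the example.
SAMPLE = [
    'Sep 17 14:44:23 servnozar MailScanner[25544]: ProcessClamAVOutput: RAR module failure.',
    'Sep 17 14:44:24 servnozar MailScanner[25544]: UNRAR 3.40 beta 1 freeware Copyright (c) 1993-2004 Alexander Roshal',
    'Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "UNRAR 3.40 beta 1 freeware Copyright (c) 1993-2004 Alexander Roshal". Please contact the authors!',
    'Sep 17 14:44:26 servnozar MailScanner[25544]: Extracting ddvgs.dll ^H^H^H^H 53%^H^H^H^H^H OK',
    'Sep 17 14:44:26 servnozar MailScanner[25544]: ProcessClamAVOutput: unrecognised line "Extracting ddvgs.dll ^H^H^H^H 53%^H^H^H^H^H OK ". Please contact the authors!',
    'Sep 17 14:44:37 servnozar MailScanner[25544]: Uninfected: Delivered 1 messages',
    'Sep 20 14:23:15 xxxx MailScanner[22128]: /mnt/data/spool/MailScanner/incoming/22128/./1C9NCK-0005lp-UO/message_part2.txt: Worm.SomeFool.Gen-1 FOUND',
    'Sep 20 14:23:16 xxxx MailScanner[22128]: Virus Scanning: Found 1 viruses',
    'Sep 20 14:23:16 xxxx MailScanner[22128]: Uninfected: Delivered 1 messages',
    'Sep 20 14:30:00 xxxx MailScanner[30001]: /var/spool/x/part1.bin: Constructed.Test-1 FOUND',
    'Sep 20 14:30:01 xxxx MailScanner[30002]: ProcessClamAVOutput: unrecognised line "constructed line that is not unrar output". Please contact the authors!',
]

if __name__ == '__main__':
    report = triage(SAMPLE)
    print(dict(report['counts']))
    print('unexplained parser noise:', report['unexplained'])
    print('FOUND without a MailScanner virus count:', report['missed'])
```
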
From dustin.baer at IHS.COM Mon Sep 20 17:31:09 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:56 2006 Subject: How do I turn these warnings off Message-ID: BB wrote: >On Mon, 20 Sep 2004 10:10:53 -0600, Dustin Baer wrote: > > >>BB wrote: >> >> >> >>>Hi All, >>> >>>Thought I had turned all warnings off except to postmaster. I don't >>>want to send notices to either the sender or receiver. >>> >>># Notify the local system administrators ("Notices To") when any infections >>># are found? >>># This can also be the filename of a ruleset. >>>Send Notices = yes >>> >>>Receivers are still getting warnings. I think it only sends warnings >>>on file attachments - >>> >>> >>> >>Try this: >> >># Still deliver (after cleaning) messages that contained viruses listed >># in the above option ("Silent Viruses") to the recipient? >># Setting this to "yes" is good when you are testing everything, and >># because it shows management that MailScanner is protecting them, >># but it is bad because they have to filter/delete all the incoming virus >># warnings. >># >># Note: Once you have deployed this into "production" use, you should set >># Note: this option to "no" so you don't bombard thousands of people with >># Note: useless messages they don't want! >># >># This can also be the filename of a ruleset. >>Still Deliver Silent Viruses = no >> >>Dustin >> >> > >Its already set to this > Sorry, I see that in your other email. I switched mail clients and missed it the new client. Do you have: "HTML-IFrame" in your Silent Viruses list and have you restarted MailScanner? Dustin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From brent.bolin at gmail.com Mon Sep 20 17:31:28 2004 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:26:56 2006 Subject: Adding users to whitelist and blacklists Message-ID: Hi All, Think I asked this question last week, but don't think I got a reply. When adding users to whitelists and blacklists does MS need to be restarted. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rcooper at DWFORD.COM Mon Sep 20 17:40:32 2004 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:26:56 2006 Subject: Problems with RAR files Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Raymond Dijkxhoorn > Sent: Monday, September 20, 2004 11:21 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problems with RAR files > > > Hi! > > > module failure. > > Sep 17 14:44:24 servnozar MailScanner[25544]: UNRAR 3.40 beta 1 freeware > > Copyright (c) 1993-2004 Alexander Roshal > > Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput: > > unrecognised line "UNRAR 3.40 beta 1 freeware Copyright > > This is something with ClamAV and RAR, please ask on a Clam mailinglist ? > Most likely a version problem of the RAR archive. > > Bye, > Raymond. Actually it's not, it's the clam output parser within MS saying it doesn't recognize the output line from the call. It's not anything to worry about as anything outside the narrow regex(s) used within the parser generate this message. The module wasn't/isn't written to accommodate the external RAR output. It will, however, catch the virus/OK output correctly. If he asks on the clam list they won't have a clue as to what he is talking about. 
Seems Julian did something about this on one of the latest releases? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jaearick at COLBY.EDU Mon Sep 20 17:42:45 2004 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:26:56 2006 Subject: OT: RBL+ broken? Message-ID: They have never been free for .edu. We are a paying customer. Glad somebody out there is getting proper zone transfers... On Mon, 20 Sep 2004, Matt Kettler wrote: > Date: Mon, 20 Sep 2004 12:02:44 -0400 > From: Matt Kettler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: RBL+ broken? > > At 11:52 AM 9/20/2004, Jeff A. Earickson wrote: >> Gang, >> I noticed that yesterday's blockage at our site due to our >> usage of RBL+ dropped from its usual 7000+ messages/per day down to >> 17. Upon investigation, I found that the zone file that has >> been transferring from them for RBL+ is now very small (11KB). >> I've attempted to contact them without success so far. Anybody >> know what is going on with RBL+? > > No idea.. They were bought out in August. Perhaps they decided to drop the > "free for .edu's" policy? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From greg at BLASTZONE.COM Mon Sep 20 17:43:01 2004 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:26:56 2006 Subject: Includes in ruleset files? Message-ID: I've been surfing the archives for an answer to this question, but the trail goes cold. What I'd like to be able to do is use multiple files for my white/blacklist files. Ideally, a 'master' whitelist file that has include directives pointing to other files, one for each domain I host. Then for any whitelist needs specific to a domain I would enter it into the file for that domain. I see messages in the archives with requests for this feature, but I don't see if it was ever implemented. Can someone let me know? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From rcooper at DWFORD.COM Mon Sep 20 17:45:47 2004 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:26:56 2006 Subject: Problems with RAR files Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ricardo Luis Cañavate > Sent: Monday, September 20, 2004 11:08 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Problems with RAR files > > > Hi, I'm trying to test my box with rar files and this is the > output of the maillog. 
> Sep 17 14:44:18 servnozar MailScanner[25544]: Virus and Content > Scanning: Starting Sep 17 14:44:21 servnozar MailScanner[25557]: > New Batch: Found 2 messages waiting Sep 17 14:44:21 servnozar > MailScanner[25557]: New Batch: Scanning 1 messages, 7175 bytes > Sep 17 14:44:23 servnozar MailScanner[25544]: It's because you are using external unrar and the MS parser for clamav doesn't understand the output from unrar, it should catch the clam output correctly and handle it accordingly, it's just not understanding the unrar information lines. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From krausem at gmail.com Mon Sep 20 17:48:50 2004 From: krausem at gmail.com (Matt Krause) Date: Thu Jan 12 21:26:56 2006 Subject: Blacklist and entire server Message-ID: Okay, I get it. I guess I can just use hosts.deny too if I wanted. Another question. Is it possible to blacklist from a header? Emails addressed to undisclosed-recpients in one of the To: headers is getting through. The other To: header contains an invalid address. I have local_recipient_maps = $alias_maps unix:passwd.byname in main.cf Here is a sample email getting through to mchabot@server.com (the non-existent user). IT is possible to blacklist based on the mchabot@server.com? If so, how? Thanks a lot. 
Date: Mon, 20 Sep 2004 02:01:58 -0700 (PDT) From: Gwen.Morrow@brownhill62.freeserve.co.uk To: undisclosed-recipients: ; by fep3.slo.net (Postfix) with SMTP id 2AGB44252 for ; Mon, 20 Sep 2004 07:01:58 -0600 (EDT) Received: (qmail 39089 invoked from network); Mon, 20 Sep 2004 11:03:58 -0200 Received: from localhost (HELO www.blaxxun.com) (286.0.0.1) by localhost with SMTP; Mon, 20 Sep 2004 15:05:58 +0200 Received: from 66.212.226.128 (SquirrelMail authenticated user volzqtf) by www.blaxxun.com.net with HTTP; Mon, 20 Sep 2004 18:06:58 +0500 (EDT) Message-ID: <06939.009.630.2.52.9163091385.squirrel@www.blaxxun.com> In-Reply-To: <847630c48640$99641140$6281a1c0@bxqbkam> References: <275771c72773$71159511$4612a8c0@rkcsaic> Date: Mon, 20 Sep 2004 10:09:58 -0300 (EDT) Subject: Advantage is now From: "industry Bower" To: User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Mortgage Quote Request Approved. Four lenders have approved you for the nations lowest rates of under 3%. Please continue to lock in your rate and start saving. Thank you. http://teamrate.net/?partid=approved On Sun, 19 Sep 2004 20:36:44 +0200, Kai Schaetzl wrote: > Matt Krause wrote on Fri, 17 Sep 2004 10:52:42 -0700: > > > So what if that server hostname hosts multiple mail domain names and I > > want to blacklist the entire dns domain name? I thought the > > *@server.you.want was only for mail domain names? Thanks. > > > > It's not clear at all what you mean. You can blacklist the name the > mailserver is using at MTA level. Since usually a machine uses only one > hostname for this you got it. 
> > Kai > > -- > > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > -- Matt Krause krausem@gmail.com http://www.mattkrause.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mynamewasgone at gmail.com Mon Sep 20 17:58:50 2004 From: mynamewasgone at gmail.com (Richard Brown) Date: Thu Jan 12 21:26:56 2006 Subject: SpamAssassin & Bayes? Message-ID: On Mon, 20 Sep 2004 17:45:19 +0200, Ricardo Luis Cañavate wrote: > How can I set up Bayes with SpamAssassin? By reading the archives, reading the MAQ and making sure you don't have use_bayes 0 in your spam.assassin.prefs.conf file. Also, please don't attach essays about confidentiality to emails sent to this list. HTH ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkettler at EVI-INC.COM Mon Sep 20 17:59:04 2004 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:26:56 2006 Subject: SpamAssassin & Bayes? Message-ID: At 11:45 AM 9/20/2004, Ricardo Luis Cañavate wrote: >How can I set up Bayes with SpamAssassin? 
> >I haven't got great knowledge but I think that it's good to stop the spam.ç man sa-learn http://wiki.apache.org/spamassassin/BayesInSpamAssassin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From pparsons at COLUMBIAFUELS.COM Mon Sep 20 18:07:41 2004 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:26:56 2006 Subject: Oddness in conf file after upgrading to Mailscanner-4.33.3-1 Message-ID: Oddness in conf file after upgrading to Mailscanner-4.33.3-1

I was checking out my Mailscanner.conf file after upgrading and noticed the following line… Running Redhat 9 and sendmail followed the instructions on upgrading… BTW Mailscanner is working fine… anyone else notice this and if not what should the line look like...

Spamassassin Prefs File = %etc-dir%/spam.assassin.prefs.conf@@@/etc/mail/spamassassin/@



 
Thank you.
Philip Parsons
Network Engineer
 
Columbia Fuels Inc.
2669 Wilfert Rd., Victoria BC, V9B 5Z3
Phone: (250) 391-3638
Cell: (250) 883-5972
http://www.columbiafuels.com
http://www.columbiaenergy.com
http://www.columbiaice.com
pparsons@columbiafuels.com
E-mail protection by Mailscanner/SA
Virus protection by Bitdefender/ClamAv

From mynamewasgone at gmail.com Mon Sep 20 18:11:05 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:56 2006
Subject: Adding users to whitelist and blacklists
Message-ID:

On Mon, 20 Sep 2004 11:31:28 -0500, BB wrote:
> When adding users to whitelists and blacklists does MS need to be restarted.

http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0210&L=mailscanner&D=0&I=-1&P=134036
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0210&L=mailscanner&D=0&I=-1&P=133621

HTH

From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 20 18:11:49 2004
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:26:56 2006
Subject: Beta 4.34.4 released
Message-ID:

Julian Field wrote:

> I have just released a new unstable/beta release 4.34.4.
>
> The new additions are the options
> Bounce Spam As Attachment
> Bounce MCP As Attachment
>
> The spam bouncing option is for those who have pointy-haired bosses who
> insist on bouncing spam, especially when it claimed to come from one of the
> business partners or important customers.
>
> The MCP bouncing option might be rather more useful for those using MCP a
> lot, as the person who sent the message will get to see exactly which
> message of theirs was bounced, as previously they would only have seen the
> subject line.
>
> The maximum size of the content taken from the original message is limited
> by the "Max SpamAssassin Size" setting. Yes, that sounds a bit random, you
> are quite right, but it happened to be at hand at the time :-) If you don't
> like it, I can create 2 more max size options as well if you like, but the
> value is pretty arbitrary.
>
> It just needs to be a sane limit to prevent a denial of service attack
> against the site who sent the spam/mcp message that was bounced. Otherwise
> you could use this feature to generate huge messages back to the claimed
> sender, which they might well let through as they could be made to appear
> to come from an important supplier (or business partner) of theirs.

Julian,

It seems to work just fine here!

Thanks again!

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From raymond at PROLOCATION.NET Mon Sep 20 18:19:47 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:56 2006
Subject: Problems with RAR files
Message-ID:

Hi!

>>> Sep 17 14:44:24 servnozar MailScanner[25544]: UNRAR 3.40 beta 1 freeware
>>> Copyright (c) 1993-2004 Alexander Roshal
>>> Sep 17 14:44:24 servnozar MailScanner[25544]: ProcessClamAVOutput:
>>> unrecognised line "UNRAR 3.40 beta 1 freeware Copyright

>> This is something with ClamAV and RAR, please ask on a Clam mailinglist ?
>> Most likely a version problem of the RAR archive.

> Actually it's not, it's the clam output parser within MS saying it doesn't
> recognize the output line from the call. It's not anything to worry about as
> anything outside the narrow regex(s) used within the parser generate this
> message. The module wasn't/isn't written to accommodate the external RAR
> output. It will, however, catch the virus/OK output correctly. If he asks on
> the clam list they won't have a clue as to what he is talking about. Seems
> Julian did something about this on one of the latest releases?

You are right. It's indeed the way it's being parsed.

Bye,
Raymond.

From mailscanner at ecs.soton.ac.uk Mon Sep 20 18:28:36 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:56 2006
Subject: Beta 4.34.4 released
Message-ID:

At 18:11 20/09/2004, you wrote:
>>I have just released a new unstable/beta release 4.34.4.
>It seems to work just fine here!

Hope your boss is happy :-)

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 20 18:30:50 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:56 2006
Subject: How do I turn these warnings off
Message-ID:

At 16:22 20/09/2004, you wrote:
>That is NOT what I want. Do not want any notifications to go to
>receiver or sender, just postmaster.
>
>Notify Senders = no
>Still Deliver Silent Viruses = no
>Notify Senders Of Blocked Filenames Or Filetypes = no
>Notify Senders Of Other Blocked Content = no
>
>I don't see an option for
>Notify Receivers = no

Deliver Cleaned Messages = no
is what you need. Sorry it doesn't start with "Notify" like the others,
historical reasons.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 20 18:36:50 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:56 2006
Subject: Problems with RAR files
Message-ID:

At 17:45 20/09/2004, you wrote:
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> > Behalf Of Ricardo Luis Cañavate
> > Sent: Monday, September 20, 2004 11:08 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Problems with RAR files
> >
> >
> > Hi, I'm trying to test my box with rar files and this is the
> > output of the maillog.
> > Sep 17 14:44:18 servnozar MailScanner[25544]: Virus and Content
> > Scanning: Starting Sep 17 14:44:21 servnozar MailScanner[25557]:
> > New Batch: Found 2 messages waiting Sep 17 14:44:21 servnozar
> > MailScanner[25557]: New Batch: Scanning 1 messages, 7175 bytes
> > Sep 17 14:44:23 servnozar MailScanner[25544]:
> >
>It's because you are using external unrar and the MS parser for clamav
>doesn't understand the output from unrar, it should catch the clam output
>correctly and handle it accordingly, it's just not understanding the unrar
>information lines.

The latest versions do successfully analyse the output from the external
unrar program, they just don't recognise all the rubbish it outputs as
well. If you are using a recent version, you should still be detecting all
the viruses.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Mon Sep 20 18:37:47 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:56 2006
Subject: Adding users to whitelist and blacklists
Message-ID:

You need to at least "reload" or "HUP" it. Though restart will work fine too.

At 17:31 20/09/2004, you wrote:
>Hi All,
>
>Think I asked this question last week, but don't think I got a reply.
>
>When adding users to whitelists and blacklists does MS need to be restarted.
>
>Thanks

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From kevins at BMRB.CO.UK Mon Sep 20 18:38:02 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:56 2006
Subject: ClamAV autoupdate fails
Message-ID:

On Mon, 2004-09-20 at 15:46, Frank wrote:
> Autoupdate for ClamAV fails.
> When calling freshclam directly from the shell I got
> the following messages:
>
> ClamAV update process started at Mon Sep 20 16:43:50 2004
> Reading CVD header (main.cvd): OK
> ERROR: Can't open new file ./clamav-6b870e778763be98 to write
> open: Permission denied
> ERROR: Can't download main.cvd from 212.162.12.159
>
> Any idea what could be wrong ?

File permissions? IIRC freshclam drops its privileges to the clamav
user if run as root

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in reliance on
it is prohibited. BMRB International Limited accepts no liability
in relation to any personal emails, or content of any email which
does not directly relate to our business.
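
The point made in the message above, that a freshclam started as root ends up running as the clamav account, can be checked without switching users by evaluating the mode bits of a directory and its parents for that account. This is an added example, not code from the thread or from ClamAV; the sample uid/gid 100 and the /work and /db paths are constructed, and ACLs and read-only mounts are not considered.

```python
#!/usr/bin/env python3
"""Added example: may an unprivileged account create a file in a directory?

Evaluates classic owner/group/other mode bits only (no ACLs, capabilities or
read-only mounts), which is enough to explain most "Permission denied" errors
from a daemon that has dropped root.
"""
import grp
import os
import pwd
import stat
import sys
from collections import namedtuple

# One path component with the stat fields the check needs.
Node = namedtuple("Node", "path mode uid gid")


def class_bits(node, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid on this node.

    Exactly one class is used: owner if the uid matches, else group if one of
    the account's groups matches, else other. The classes are never OR-ed.
    """
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def first_denial(chain, uid, gids):
    """chain lists Nodes from / down to the target directory.

    Returns None when uid may create a file in the last Node, otherwise a
    short reason naming the component that blocks it.
    """
    if uid == 0:
        return None  # root is not restricted by mode bits
    for node in chain[:-1]:
        if not (class_bits(node, uid, gids) & 1):
            return "no search (x) permission on " + node.path
    target = chain[-1]
    if not stat.S_ISDIR(target.mode):
        return target.path + " is not a directory"
    if (class_bits(target, uid, gids) & 3) != 3:
        return "need w+x on %s, mode is %s" % (target.path, stat.filemode(target.mode))
    return None


def stat_chain(directory):
    """Stat every component from / down to directory (symlinks resolved)."""
    path = os.path.realpath(directory)
    nodes = []
    while True:
        st = os.stat(path)
        nodes.append(Node(path, st.st_mode, st.st_uid, st.st_gid))
        parent = os.path.dirname(path)
        if parent == path:
            return nodes[::-1]
        path = parent


def identity(username):
    """uid plus primary and supplementary gids of a local account."""
    pw = pwd.getpwnam(username)
    extra = {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, {pw.pw_gid} | extra


# Constructed sample (not from the thread): uid/gid 100 stands in for the
# account a daemon switches to; /work and /db are placeholder directories.
D = stat.S_IFDIR
ROOT = Node("/", D | 0o755, 0, 0)
SAMPLE_UID, SAMPLE_GIDS = 100, {100}
SAMPLES = {
    "root-only dir": [ROOT, Node("/work", D | 0o750, 0, 0)],
    "own dir": [ROOT, Node("/db", D | 0o755, 100, 100)],
    "group-writable": [ROOT, Node("/db", D | 0o775, 0, 100)],
    "owner class wins": [ROOT, Node("/db", D | 0o577, 100, 100)],
    "blocked parent": [ROOT, Node("/work", D | 0o700, 0, 0),
                       Node("/work/db", D | 0o777, 100, 100)],
}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: prog ACCOUNT DIRECTORY
        uid, gids = identity(sys.argv[1])
        print(first_denial(stat_chain(sys.argv[2]), uid, gids) or "ok")
    else:
        for name, chain in SAMPLES.items():
            print("%-17s %s" % (name, first_denial(chain, SAMPLE_UID, SAMPLE_GIDS) or "ok"))
```

Run with an account name and a directory (for instance the directory the updater is started from, since the error above names a relative path) to evaluate a real path; with no arguments it walks the constructed samples.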
From mailscanner at ecs.soton.ac.uk Mon Sep 20 18:39:03 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:56 2006
Subject: Oddness in conf file after upgrading to Mailscanner-4.33.3-1
Message-ID:

At 18:07 20/09/2004, you wrote:

>I was checking out my Mailscanner.conf file after upgrading and noticed
>the following line… Running Redhat 9 and sendmail followed the instructions
>on upgrading… BTW Mailscanner is working fine… anyone else notice this and
>if not what should the line look like...
>
>Spamassassin Prefs File =
>%etc-dir%/spam.assassin.prefs.conf@@@/etc/mail/spamassassin/@

Don't know where that came from!
Should just say
Spamassassin Prefs File = %etc-dir%/spam.assassin.prefs.conf

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From brent.bolin at gmail.com Mon Sep 20 18:57:00 2004
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 12 21:26:56 2006
Subject: How do I turn these warnings off
Message-ID:

On Mon, 20 Sep 2004 10:31:09 -0600, Dustin Baer wrote:
>
> BB wrote:
>
> >On Mon, 20 Sep 2004 10:10:53 -0600, Dustin Baer wrote:
> >
> >>BB wrote:
> >>
> >>>Hi All,
> >>>
> >>>Thought I had turned all warnings off except to postmaster. I don't
> >>>want to send notices to either the sender or receiver.
> >>>
> >>># Notify the local system administrators ("Notices To") when any infections
> >>># are found?
> >>># This can also be the filename of a ruleset.
> >>>Send Notices = yes
> >>>
> >>>Receivers are still getting warnings. I think it only sends warnings
> >>>on file attachments -
> >>>
> >>Try this:
> >>
> >># Still deliver (after cleaning) messages that contained viruses listed
> >># in the above option ("Silent Viruses") to the recipient?
> >># Setting this to "yes" is good when you are testing everything, and
> >># because it shows management that MailScanner is protecting them,
> >># but it is bad because they have to filter/delete all the incoming virus
> >># warnings.
> >>#
> >># Note: Once you have deployed this into "production" use, you should set
> >># Note: this option to "no" so you don't bombard thousands of people with
> >># Note: useless messages they don't want!
> >>#
> >># This can also be the filename of a ruleset.
> >>Still Deliver Silent Viruses = no
> >>
> >>Dustin
> >>
> >
> >It's already set to this
> >
>
> Sorry, I see that in your other email. I switched mail clients and
> missed it the new client.
>
> Do you have: "HTML-IFrame" in your Silent Viruses list and have you
> restarted MailScanner?
>
> Dustin
>

I currently have this -

Silent Viruses = All-Viruses

Should I add HTML-IFrame ? Thought All-Viruses would handle all.

Still Deliver Silent Viruses = no

btb
From steve at sj2.net Mon Sep 20 19:07:09 2004
From: steve at sj2.net (Steven Rosen)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow Relaying + Virus Check + SPAM Check
Message-ID:

The Fedora system I have is using very recent versions of
MailScanner + SpamAssassin + ClamAV

I host multiple domains and end-users have mail accounts and can send out
mail through the server via SMTP from Outlook or other clients.

My question is simple, but I can't find an answer to this.

I allow a few very specific users of my system to send outgoing mail
through the server, not their ISPs. To do this, I allow a few general
domains to relay through the server: such as city.state.comcast.net (I make
the subnet as specific as possible to cover users without specific IPs that
may change). This ends up in the file: /etc/mail/relay-domains (I believe).

This works fine and they can send mail out, but any mail from an outside
spammer or a virus goes through if they happen to originate on the same
allowed subnet. They aren't relaying through the server, they are only
sending to a user's direct e-mail and they originate on the same subnet as
the one I have open.

So, any e-mail that meets this criteria, does not seem to get SPAM and
virus checked...it gets through! Otherwise not.

I know this is probably not the best way to do this, but it works for our
server but I still want this mail to be SPAM and Virus checked. Is there a
way to still do this? That's my only issue. Or I'm afraid...once I open
those relays, it means no virus/spam checks for any mail from those
domains?

--
Steve Rosen
From dwinkler at ALGORITHMICS.COM Mon Sep 20 19:14:49 2004
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

>
> I see messages in the archives with requests for this feature, but I
> don't see if it was ever implemented. Can someone let me know?
>

Julian's solution is to use a config compiler, a script or something which
will pull all of the configs and their includes together before starting
MailScanner.

I for one would really like to see includes supported in rule files, even
if it was single level (an included file can't include other files) to
prevent a circular include.

Thanks,

Derek Winkler
Security Administrator

Algorithmics
185 Spadina Ave
Toronto, Ontario
Canada
M5T 2C6

Phone: 416-217-4107
Fax: 416-971-6100

----

This email and any files transmitted with it are confidential and
proprietary to Algorithmics Incorporated and its affiliates
("Algorithmics"). If received in error, use is prohibited. Please destroy,
and notify sender. Sender does not waive confidentiality or privilege.
Internet communications cannot be guaranteed to be timely, secure, error or
virus-free. Algorithmics does not accept liability for any errors or
omissions. Any commitment intended to bind Algorithmics must be reduced to
writing and signed by an authorized signatory.

From rob at THEHOSTMASTERS.COM Mon Sep 20 19:17:58 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:56 2006
Subject: Damm mortage and software spam
Message-ID:

I added a whole bunch last week..... see way below email for the ones I
installed

Rob....

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Monday, September 20, 2004 8:50 AM
Subject: Re: Damm mortage and software spam

> Rob
>
> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
> guys you need...
>
> see their web page for installation instructions...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Rob wrote:
>> I still get those darn emails...
>>
>> are these spammers good, or is it just by fluke they're getting by
>> mailscanner??
>>
>> Does anyone else have this issue...
>>
>> There are usually email for medical stuff and it's only a graphic with a
>> remove link on the bottom of the page
>> Also the subject always has "meeting friday at 7-00"
>>
>> Any help appreciated
>>
>> Rob....
>>
>> ----- Original Message -----
>> From: "Rob"
>> To:
>> Sent: Friday, September 17, 2004 1:16 PM
>> Subject: Re: Damm mortage and software spam
>>
>>> Ok I added all those rules....
>>>
>>> Let's see what happens now....
>>>
>>> :)
>>>
>>> Rob....
>>>
>>> ----- Original Message -----
>>> From: "Robin, Rob"
>>> To:
>>> Sent: Friday, September 17, 2004 10:42 AM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>> Rob,
>>>>
>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>> There should be rules for OEM software over there. Read the
>>>> description.
>>>>
>>>> I first tested it by downloading all the rules (except the
>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>> using a IncrediMail will make it spam. (some of our customers like using
>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>> scenario).
>>>>
>>>> I have narrowed it down to using:
>>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>
>>>> Thanks,
>>>> ------------------------
>>>> Rob Robin
>>>> Network Analyst
>>>> Green Apple, Inc.
>>>> 740-653-9890
>>>> rrobin@greenapple.com
>>>> www.greenapple.com
>>>> Internet access, hosting and development solutions since 1995.
>>>>
>>>> -----Original Message-----
>>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>
>>>> And after I added rules from www.rulesemporium.com I still get these
>>>> irritating emails with subject "your meeting on"
>>>>
>>>> and it has just a graphic and a remove link
>>>>
>>>> URGH!
>>>>
>>>> Rob....
>>>>
>>>> ----- Original Message -----
>>>> From: "Steve Mason"
>>>> To:
>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>> software messages.
>>>>> I haven't seen any mortgage messages yet...
>>>>>
>>>>> Steve
>>>>>
>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>> Anyone have a tip for not letting these guys through?
>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>> through to the list, I guess cuz the mail server thought it was spam..
>>>>>
>>>>>> Rob....

From greg at BLASTZONE.COM Mon Sep 20 19:22:01 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

Is there a sample 'config compiler' setup out there someplace I could see
as an example? I'm a linux newbie, so just cranking out a shell script or
whatever isn't second nature, yet.

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler
> Sent: Monday, September 20, 2004 11:15 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Includes in ruleset files?
>
> >
> > I see messages in the archives with requests for this feature, but I
> > don't see if it was ever implemented. Can someone let me know?
> >
>
> Julian's solution is to use a config compiler, a script or
> something which will pull all of the configs and their
> includes together before starting MailScanner.
>
> I for one would really like to see includes supported in rule
> files, even if it was single level (an included file can't
> include other files) to prevent a circular include.
> > Thanks, > > Derek Winkler > Security Administrator > > Algorithmics > 185 Spadina Ave > Toronto, Ontario > Canada > M5T 2C6 > > Phone: 416-217-4107 > Fax: 416-971-6100 > > ---- > > > > This email and any files transmitted with it are confidential > and proprietary to Algorithmics Incorporated and its > affiliates ("Algorithmics"). If received in error, use is > prohibited. Please destroy, and notify sender. Sender does > not waive confidentiality or privilege. Internet > communications cannot be guaranteed to be timely, secure, > error or virus-free. Algorithmics does not accept liability > for any errors or omissions. Any commitment intended to bind > Algorithmics must be reduced to writing and signed by an > authorized signatory. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dwinkler at ALGORITHMICS.COM Mon Sep 20 19:30:07 2004 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:26:56 2006 Subject: Includes in ruleset files? Message-ID: > Is there a sample 'config compiler' setup out there someplace I could > see as an example? I'm a linux newbie, so just cranking out a shell > script or whatever isnt second nature, yet. > A simple case may be to just use cat to combine a bunch of files, just do this on a regular basis. eg. 
cat /opt/MailScanner/etc/rules/spam.whitelist.rules.domain1 /opt/MailScanner/etc/rules/spam.whitelist.rules.domain2 > /opt/MailScanner/etc/rules/spam.whitelist.rules or Use cpp to support includes... cpp /opt/MailScanner/etc/rules/spam.whitelist.rules.src > /opt/MailScanner/etc/rules/spam.whitelist.rules The file spam.whitelist.rules.src can then include lines like: #include "" The trick is how often and when you run the script. Good luck --- This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 20 19:30:53 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:56 2006 Subject: Allow Relaying + Virus Check + SPAM Check Message-ID: The best solution is to use SMTP auth for the users NOT the subnets, as anybody could be on the subnet Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
From EGTSWNZXKEEC at SPAMMOTEL.COM Mon Sep 20 19:39:49 2004
From: EGTSWNZXKEEC at SPAMMOTEL.COM (Frank)
Date: Thu Jan 12 21:26:56 2006
Subject: ClamAV autoupdate fails
Message-ID:

>File permissions? IIRC freshclam drops its privileges to the clamav
>user if run as root

That seems to be the problem. However I have no idea what permission is missing ? Any idea where clamav tries to create this file ?

Regards,
Frank.

From pparsons at COLUMBIAFUELS.COM Mon Sep 20 19:47:17 2004
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:26:56 2006
Subject: Oddness in conf file after upgrading to Mailscanner-4.33.3-1
Message-ID:

Thanks

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Monday, September 20, 2004 10:39 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Oddness in conf file after upgrading to
> Mailscanner-4.33.3-1
>
> At 18:07 20/09/2004, you wrote:
>
> >I was checking out my Mailscanner.conf file after upgrading and noticed
> >the following line...Running Redhat 9 and sendmail followed the
> >instructions on upgrading... BTW Mailscanner is working fine...anyone else
> >notice this and if not what should the line look like...
> >
> >Spamassassin Prefs File =
> >%etc-dir%/spam.assassin.prefs.conf@@@/etc/mail/spamassassin/@
>
> Don't know where that came from!
> Should just say
> Spamassassin Prefs File = %etc-dir%/spam.assassin.prefs.conf
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kevins at BMRB.CO.UK Mon Sep 20 19:54:12 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:56 2006
Subject: ClamAV autoupdate fails
Message-ID:

On Mon, 2004-09-20 at 19:39, Frank wrote:
> >File permissions? IIRC freshclam drops its privileges to the clamav
> >user if run as root
>
> That seems to be the problem. However I have no idea what permission is
> missing ? Any idea where clamav tries to create this file ?
>

No, but I'd guess it's in whatever $TMPDIR is set to, which for root is quite likely to be /root/tmp. Try...

export TMPDIR=/tmp
freshclam

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately.
Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business.

From steve at sj2.net Mon Sep 20 20:00:41 2004
From: steve at sj2.net (Steven Rosen)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow Relaying + Virus Check + SPAM Check
Message-ID:

So you're saying turn off the allowed domains and force SMTP authentication per user?

How is this turned on in the server?
How is this setup by the client (with "My Server Requires Authentication" ?)

Michele Neylon :: Blacknight Solutions said:
> The best solution is to use SMTP auth for the users NOT the subnets, as
> anybody could be on the subnet
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101
>

--
Steve Rosen
From dustin.baer at IHS.COM Mon Sep 20 20:02:23 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:56 2006
Subject: How do I turn these warnings off
Message-ID:

BB wrote:

>>Do you have: "HTML-IFrame" in your Silent Viruses list and have you
>>restarted MailScanner?
>>
>
>I currently have this -
>Silent Viruses = All-Viruses
>
>Should I add HTML-IFrame ?
>

Yes. Be aware of "HTML-Codebase" messages also. If you don't include that in Silent Viruses, those messages will also be delivered to your recipients (provided you are blocking them).

Dustin

From mark at TIPPINGMAR.COM Mon Sep 20 20:17:42 2004
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow Relaying + Virus Check + SPAM Check
Message-ID:

On 20 Sep 2004 at 15:00, Steven Rosen wrote:

> So you're saying turn off the allowed domains and force
> SMTP authentication per user?
>
> How is this turned on in the server?

One of the best explanations I have found for how to do this is here:

http://www.joreybump.com/code/howto/smtpauth.html

It is really quite simple with Fedora, or another recent rpm based system.

--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
510 549-1906 ext 236
http://www.tippingmar.com
From michele at BLACKNIGHTSOLUTIONS.COM Mon Sep 20 20:18:20 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow Relaying + Virus Check + SPAM Check
Message-ID:

> So you're saying turn off the allowed domains and force SMTP
> authentication per user?

It sounds like you are allowing a very large block of the 'net to relay, as opposed to domains that you host, so getting the users to authenticate sounds a lot saner

>
> How is this turned on in the server?

You'd need to look at the documentation specific to your MTA

> How is this setup by the client
> (with "My Server Requires Authentication" ?)

Yes

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mynamewasgone at gmail.com Mon Sep 20 22:02:11 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

On Mon, 20 Sep 2004 09:43:01 -0700, Greg Deputy wrote:
> What I'd like to be able to do is use multiple files for my
> white/blacklist files. Ideally, a 'master' whitelist file that has
> include directives pointing to other files, one for each domain I host.
> Then for any whitelist needs specific to a domain I would enter it into
> the file for that domain.
>
> I see messages in the archives with requests for this feature, but I
> don't see if it was ever implemented. Can someone let me know?

It was kind of answered here:
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0305&L=mailscanner&D=0&I=-1&P=69766

Basically, no, but you could use a Custom Function to do it.
I don't use custom functions myself, but see if you've got a CustomConfig.pm. Mine's in /usr/lib/MailScanner/MailScanner and seems to have per-domain white/blacklisting already set up.

Regards,

From mynamewasgone at gmail.com Mon Sep 20 22:27:15 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:56 2006
Subject: Blacklist and entire server
Message-ID:

On Mon, 20 Sep 2004 09:48:50 -0700, Matt Krause wrote:
> Another question. Is it possible to blacklist from a header?
>
> Emails addressed to undisclosed-recipients in one of the To: headers is
> getting through. The other To: header contains an invalid address. I
> have local_recipient_maps = $alias_maps unix:passwd.byname in main.cf
>
> Here is a sample email getting through to mchabot@server.com (the
> non-existent user). Is it possible to blacklist based on the
> mchabot@server.com? If so, how? Thanks a lot.

Have you tried putting

To: mchabot@server.com Yes

in your spam.blacklist.rules?

From memory MailScanner checks the envelope to see who the mail is for, not the contents of To: in the actual mail header

From greg at BLASTZONE.COM Mon Sep 20 22:29:57 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

Sounds like just the ticket, but I can't find a CustomConfig.pm or Config.pm file on my machine anywhere.
Is it something I need to create from scratch?

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Richard Brown
> Sent: Monday, September 20, 2004 2:02 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Includes in ruleset files?
>
>
> On Mon, 20 Sep 2004 09:43:01 -0700, Greg Deputy wrote:
> > What I'd like to be able to do is use multiple files for my
> > white/blacklist files. Ideally, a 'master' whitelist file that has
> > include directives pointing to other files, one for each domain I
> > host. Then for any whitelist needs specific to a domain I would enter
> > it into the file for that domain.
> >
> > I see messages in the archives with requests for this feature, but I
> > don't see if it was ever implemented. Can someone let me know?
>
> It was kind of answered here:
> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0305&L=mailscanner&D=0&I=-1&P=69766

Basically, no, but you could use a Custom Function to do it. I don't use custom functions myself, but see if you've got a CustomConfig.pm. Mine's in /usr/lib/MailScanner/MailScanner and seems to have per-domain white/blacklisting already set up.

Regards,

From mynamewasgone at gmail.com Mon Sep 20 22:41:59 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

On Mon, 20 Sep 2004 14:29:57 -0700, Greg Deputy wrote:
> Sounds like just the ticket, but I can't find a CustomConfig.pm or
> Config.pm file on my machine anywhere. Is it something I need to create
> from scratch?

No, if you don't have a Config.pm I'd be surprised if MailScanner was working.

Try

locate CustomConfig.pm

if you have slocate updating every night that should tell you where it is, or try

head -n 1 `which MailScanner`

which will tell you the lib directory for MailScanner, CustomConfig.pm will be in the MailScanner subdirectory of it.

Regards,

From greg at BLASTZONE.COM Mon Sep 20 22:47:52 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:56 2006
Subject: Includes in ruleset files?
Message-ID:

OK, there it is. Not sure why I wasn't able to find it before. Thanks from the newbie.

>
> On Mon, 20 Sep 2004 14:29:57 -0700, Greg Deputy wrote:
> > Sounds like just the ticket, but I can't find a CustomConfig.pm or
> > Config.pm file on my machine anywhere. Is it something I need to
> > create from scratch?
>
> No, if you don't have a Config.pm I'd be surprised if
> MailScanner was working.
>
> Try
>
> locate CustomConfig.pm
>
> if you have slocate updating every night that should tell you
> where it is, or try
>
> head -n 1 `which MailScanner`
>
> which will tell you the lib directory for MailScanner,
> CustomConfig.pm will be in the MailScanner subdirectory of it.
>
From admin at WEBGUSTO.COM Mon Sep 20 23:34:50 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

I have one user who wants me to whitelist ebay.com, but we get tons of joe-jobs to lots of addresses on our server with ebay return addresses.

Can I combine from: and to: in a rule, something like:

From: *@ebay.com to: user@domain.com yes

If not, what is the best way to allow legit ebay email?

Thanks

Bill

From Steve.Swaney at FSL.COM Mon Sep 20 23:42:37 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Bill Sholar - WebGusto
> Sent: Monday, September 20, 2004 6:35 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: From and to in whitelist
>
> I have one user who wants me to whitelist ebay.com, but we get tons of
> joe-jobs to lots of addresses on our server with ebay return addresses.
>
> Can I combine from: and to: in a rule, something like:
>
> From: *@ebay.com to: user@domain.com yes
>

This has been covered many times and we should probably add to the MAQ. You were very close. I believe the rule should be:

From: *ebay.com and to: user@domain.com yes

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> If not, what is the best way to allow legit ebay email?
>
> Thanks
>
> Bill
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

From peter at UCGBOOK.COM Mon Sep 20 23:43:44 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

Bill Sholar - WebGusto wrote:
> Can I combine from: and to: in a rule, something like:
>
> From: *@ebay.com to: user@domain.com yes

Yes, it is described in the EXAMPLES file in the rules directory...

From: *@ebay.com and To: user@domain.com yes

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mailscanner at ELKNET.NET Mon Sep 20 23:54:06 2004
From: mailscanner at ELKNET.NET (Alan)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

Today I installed perl 5.8.5 by compiling the source on my MS server.
The install seemed to go fine, and 'perl -v' now reports the new version. This is the only perl on my server, I removed the prior version. When I now install MS from the rpm distribution, I get this error:

error: failed dependencies:
perl >= 5.005 is needed by mailscanner-4.34.4-1
/usr/bin/perl is needed by mailscanner-4.34.4-1

Note that /usr/bin/perl exists:

# ls -l /usr/bin/perl
-rwxr-xr-x 3 root root 941914 Sep 20 13:56 /usr/bin/perl

and it is a version >= 5.005

Any ideas?
Thanks!

From admin at WEBGUSTO.COM Mon Sep 20 23:57:24 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

Thanks much. I looked through the EXAMPLES and README files and didn't see any such case, and didn't find it in MAQ.

Bill

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Swaney
Sent: Monday, September 20, 2004 5:43 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: From and to in whitelist

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Bill Sholar - WebGusto
> Sent: Monday, September 20, 2004 6:35 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: From and to in whitelist
>
> I have one user who wants me to whitelist ebay.com, but we get tons of
> joe-jobs to lots of addresses on our server with ebay return addresses.
>
> Can I combine from: and to: in a rule, something like:
>
> From: *@ebay.com to: user@domain.com yes
>

This has been covered many times and we should probably add to the MAQ. You were very close.
I believe the rule should be:

From: *ebay.com and to: user@domain.com yes

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> If not, what is the best way to allow legit ebay email?
>
> Thanks
>
> Bill
>

From ssilva at SGVWATER.COM Tue Sep 21 00:05:17 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

Alan wrote:
> Today I installed perl 5.8.5 by compiling the source on my MS server. The
> install seemed to go fine, and 'perl -v' now reports the new version. This
> is the only perl on my server, I removed the prior version.
> When I now install MS from the rpm distribution, I get this error:
>
> error: failed dependencies:
> perl >= 5.005 is needed by mailscanner-4.34.4-1
> /usr/bin/perl is needed by mailscanner-4.34.4-1
>
> Note that /usr/bin/perl exists:
>
> # ls -l /usr/bin/perl
> -rwxr-xr-x 3 root root 941914 Sep 20 13:56 /usr/bin/perl
>
> and it is a version >= 5.005
>
> Any ideas?
> Thanks!

It is an RPM dependency problem. RPM doesn't check outside of its own installed database for dependencies. You would either need a perl RPM of that version, or try install.sh --nodeps.

From peter at UCGBOOK.COM Tue Sep 21 00:05:24 2004
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

Bill Sholar - WebGusto wrote:
> Thanks much. I looked through the EXAMPLES and README files and didn't see
> any such case, and didn't find it in MAQ.

If your version of MS is capable of using logical AND then it is in the EXAMPLES file.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From kevins at BMRB.CO.UK Tue Sep 21 00:07:09 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

On Mon, 2004-09-20 at 23:54, Alan wrote:
> Today I installed perl 5.8.5 by compiling the source on my MS server.
> The install seemed to go fine, and 'perl -v' now reports the new version. This
> is the only perl on my server, I removed the prior version. When I now
> install MS from the rpm distribution, I get this error:
>
> error: failed dependencies:
> perl >= 5.005 is needed by mailscanner-4.34.4-1
> /usr/bin/perl is needed by mailscanner-4.34.4-1

That's because it works out the dependencies from the rpm database. If you're sure that your perl install is complete you can try passing the nodeps option to install.sh which will probably make everything okay (unless there is something missing in your install in which case it will make everything very bad - but, hey, it's bad already)

Any particular reason you installed perl from source on an rpm based distro?

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From admin at WEBGUSTO.COM Tue Sep 21 00:33:40 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

Hmm -- I have the version released last month, but my examples file doesn't show that case.
I searched the changelog after seeing your message, and see the functionality came out 7 months ago, so my version should support it.

Care to share the syntax from the example file?

Bill

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
Sent: Monday, September 20, 2004 6:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: From and to in whitelist

Bill Sholar - WebGusto wrote:
> Thanks much. I looked through the EXAMPLES and README files and didn't
> see any such case, and didn't find it in MAQ.

If your version of MS is capable of using logical AND then it is in the EXAMPLES file.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From gregk at infosecsolutions.com.au Tue Sep 21 01:29:06 2004
From: gregk at infosecsolutions.com.au (Greg Krzeszkowski)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow password protected/encrypted zip files from a singler sender
Message-ID:

Hi,

various aspects of this question have been answered before. I have searched the mailing list archive first, so don't flame me too much.

I have an organisation that must send through password protected zipfiles (cannot be changed, they are one of the country's largest retailers and have a 'holier than thou' attitude) to me.
I only want this particular email address to be able to send this type of attachment (I would love to continue to have Allow Password-Protected Archives = No). I added a rule that allowed zip files FROM the sender, but if MS is blocking all password protected archives they don't get through (as expected).

Is there an override I can utilise that would fit my requirements?

Cheers

--------------------------
Greg Krzeszkowski

From greg at BLASTZONE.COM Tue Sep 21 01:37:21 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow password protected/encrypted zip files from a singler sender
Message-ID:

Couldn't you do a ruleset for Allow Password-Protected Archives like:

FromOrTo: default No
From: holierThanThou@retailer.com Yes

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Greg Krzeszkowski
> Sent: Monday, September 20, 2004 5:29 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Allow password protected/encrypted zip files from a
> singler sender
>
>
> Hi,
>
> various aspects of this question have been answered before.
> I have searched the mailing list archive first, so don't
> flame me too much.
>
> I have an organisation that must send through password
> protected zipfiles (cannot be changed, they are one of the
> country's largest retailers and have a 'holier than thou'
> attitude) to me.
>
> I only want this particular email address to be able to send
> this type of attachment (I would love to continue to have
> Allow Password-Protected Archives = No).
> I added a rule that allowed zip files FROM the sender, but if MS is blocking
> all password protected archives they don't get through (as expected).
>
> Is there an override I can utilise that would fit my requirements?
>
> Cheers
>
> --------------------------
> Greg Krzeszkowski
>

From mailscanner at ELKNET.NET Tue Sep 21 02:40:04 2004
From: mailscanner at ELKNET.NET (Alan)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

On Tue, 21 Sep 2004 00:07:09 +0100, Kevin Spicer wrote:

Thanks for the quick answer Kevin. The reason I installed from source rather than an rpm distro is that I can't find a current version of perl in an rpm distro for RH 7.2

Any pointers to the current version of perl in an i386 rpm for 7.2 would be very welcome!

-Alan

>Any particular reason you installed perl from source on an rpm based
>distro?
From mike at CAMAROSS.NET Tue Sep 21 04:23:34 2004
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:26:56 2006
Subject: Allow password protected/encrypted zip files from a singler sender
Message-ID:

Greg Deputy wrote:
> Couldn't you do a ruleset for Allow Password-Protected Archives like:
>
> FromOrTo: default No
> From: holierThanThou@retailer.com Yes
>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Greg Krzeszkowski
>> Sent: Monday, September 20, 2004 5:29 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Allow password protected/encrypted zip files from a singler
>> sender
>>
>>
>> Hi,
>>
>> various aspects of this question have been answered before.
>> I have searched the mailing list archive first, so don't flame me
>> too much.
>>
>> I have an organisation that must send through password protected
>> zipfiles (cannot be changed, they are one of the country's largest
>> retailers and have a 'holier than thou'
>> attitude) to me.
>>
>> I only want this particular email address to be able to send this
>> type of attachment (I would love to continue to have
>> Allow Password-Protected Archives = No). I added a rule
>> that allowed zip files FROM the sender, but if MS is blocking all
>> password protected archives they don't get through (as expected).
>>
>> Is there an override I can utilise that would fit my requirements?
>>
>> Cheers

I think the rule should be the other way around:

From: holierThanThou@retailer.com Yes
FromOrTo: default No

This way, MS doesn't hit on the default first and stop processing the ruleset.

Mike
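The ordering question raised in the two replies above, as an added example that is not part of the thread and is not MailScanner's own code: a small Python model of strict first-match evaluation as the replies describe it, with a check that reports rules made unreachable by an earlier catch-all. The parser, the function names, the constructed recipient address and the treatment of `default` as an ordinary match-everything pattern are assumptions of this sketch; how MailScanner itself handles `default` is not modelled.

```python
"""First-match ruleset model (added example; not MailScanner's own parser)."""
from fnmatch import fnmatchcase

DIRECTIONS = ("from", "to", "fromorto")

# The two orderings proposed in the thread, copied from the replies.
DEFAULT_FIRST = """\
FromOrTo: default No
From: holierThanThou@retailer.com Yes
"""
EXCEPTION_FIRST = """\
From: holierThanThou@retailer.com Yes
FromOrTo: default No
"""


def parse_ruleset(text):
    """Parse 'Direction: pattern value' lines into (direction, pattern, value)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or not parts[0].endswith(":"):
            raise ValueError(f"line {lineno}: expected 'Direction: pattern value'")
        direction = parts[0][:-1].lower()
        if direction not in DIRECTIONS:
            raise ValueError(f"line {lineno}: unknown direction {parts[0]!r}")
        rules.append((direction, parts[1].lower(), parts[2]))
    return rules


def _address_matches(pattern, address):
    """Assumption: 'default' matches anything; a pattern without '@' is a domain."""
    address = address.lower()
    if pattern == "default":
        return True
    if "@" in pattern:
        return fnmatchcase(address, pattern)
    return fnmatchcase(address.rsplit("@", 1)[-1], pattern)


def rule_matches(rule, sender, recipient):
    """Apply the rule's pattern to the sender, the recipient, or either."""
    direction, pattern, _value = rule
    if direction == "from":
        return _address_matches(pattern, sender)
    if direction == "to":
        return _address_matches(pattern, recipient)
    return _address_matches(pattern, sender) or _address_matches(pattern, recipient)


def evaluate(rules, sender, recipient, fallback="No"):
    """Return the value of the first matching rule; later rules are never consulted."""
    for rule in rules:
        if rule_matches(rule, sender, recipient):
            return rule[2]
    return fallback  # nothing matched: keep the restrictive setting


def shadowed_rules(rules):
    """List (index, rule) pairs that can never fire under strict first-match."""
    shadowed, seen, catch_all_seen = [], set(), False
    for index, rule in enumerate(rules):
        key = rule[:2]
        if catch_all_seen or key in seen:
            shadowed.append((index, rule))
        seen.add(key)
        if rule[1] == "default":
            catch_all_seen = True
    return shadowed


if __name__ == "__main__":
    # Sender from the thread; the recipient address is constructed for the demo.
    sender, recipient = "holierThanThou@retailer.com", "greg@example.org"
    for name, text in (("default first", DEFAULT_FIRST),
                       ("exception first", EXCEPTION_FIRST)):
        rules = parse_ruleset(text)
        print(f"{name}: decision={evaluate(rules, sender, recipient)} "
              f"shadowed={shadowed_rules(rules)}")
```

Running `shadowed_rules` over a ruleset before deploying it catches an exception placed after a catch-all, which is the failure the second reply is guarding against.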
From jkf at mailscanner.info Tue Sep 21 05:18:36 2004
From: jkf at mailscanner.info (jkf@mailscanner.info)
Date: Thu Jan 12 21:26:56 2006
Subject: Automated reply from jkf@www.mailscanner.biz
Message-ID:

Thank you for your email. I will reply to you as soon as possible.

From mynamewasgone at gmail.com Tue Sep 21 07:16:58 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:56 2006
Subject: From and to in whitelist
Message-ID:

On Mon, 20 Sep 2004 18:33:40 -0500, Bill Sholar - WebGusto wrote:
> Care to share the syntax from the example file?

8. Use 2 conditions in the rule
Set "Spam Actions = /etc/MailScanner/rules/spam.actions.rules".

From: trapme.com and To: abuse@* deliver
FromOrTo: domain.com and FromOrTo: domain2.com deliver
FromOrTo: default store notify

Regards,

From john at TRADOC.FR Tue Sep 21 08:06:52 2004
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:26:56 2006
Subject: Fwd: announcing ClamAV 0.80rc
Message-ID:

On Tue, 21 Sep 2004 00:54:18 +0200, Luca Gibelli wrote:
> the development version of ClamAV is ready for general testing! New
> mechanisms have already proved very nasty to Internet worms
> successfully protecting against the new versions R, S, T, U, V and W
> of the infamous Mydoom worm and detecting them as Worm.Mydoom.Gen before
> they were analysed and specific signatures added by the ClamAV database
> maintainers.

Has anyone here tried this yet? I don't have a spare box ATM and don't fancy testing directly in production...

> New features in this release include:
>
> -) libclamav
...
> + updated API (still backward compatible but please consult clamdoc.pdf
> (Section 6) and adapt your software)

Does this affect those of us using Mail::ClamAV and the MS clamavmodule interface?

John.

From kevins at BMRB.CO.UK Tue Sep 21 08:11:03 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

On Tue, 2004-09-21 at 02:40, Alan wrote:
> On Tue, 21 Sep 2004 00:07:09 +0100, Kevin Spicer wrote:
>
> Thanks for the quick answer Kevin. The reason I installed from
> source rather than an rpm distro is that I can't find a current
> version of perl in an rpm distro for RH 7.2
>
> Any pointers to the current version of perl in an i386 rpm for 7.2 would
> be very welcome!

Well, you don't need the current version of perl for either MailScanner or SpamAssassin, if it's security fixes you're worried about then the important patches will have been back-ported by most vendors. Take a look at the fedora legacy project.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From raymond at PROLOCATION.NET Tue Sep 21 08:11:47 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:56 2006
Subject: Fwd: announcing ClamAV 0.80rc
Message-ID:

Hi!

>> of the infamous Mydoom worm and detecting them as Worm.Mydoom.Gen before
>> they were analysed and specific signatures added by the ClamAV database
>> maintainers.

> Has anyone here tried this yet? I don't have a spare box ATM and don't
> fancy testing directly in production...

Yes, runs just fine.

>> -) libclamav
> ...
>> + updated API (still backward compatible but please consult clamdoc.pdf
>> (Section 6) and adapt your software)
>
> Does this affect those of us using Mail::ClamAV and the MS clamavmodule
> interface?

Looking ok so far, no weird log messages.

...

Bye,
Raymond.

From kevins at BMRB.CO.UK Tue Sep 21 08:14:34 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:56 2006
Subject: Fwd: announcing ClamAV 0.80rc
Message-ID:

On Tue, 2004-09-21 at 08:06, John Wilcock wrote:
> Has anyone here tried this yet? I don't have a spare box ATM and don't
> fancy testing directly in production...
>

I'm braver (or perhaps dafter) than you.
It's running on my production box right now (and has been for the last 7 hours). I wanted to use the new signature file format to play make a signature for the jpeg exploit announced recently.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From ricardo.canavate at nozar.es Tue Sep 21 09:16:57 2004
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:26:56 2006
Subject: SpamAssassin & Bayes?
Message-ID:

Thanks a lot to all.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler
Sent: Monday, 20 September 2004 18:59
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SpamAssassin & Bayes?

At 11:45 AM 9/20/2004, Ricardo Luis Cañavate wrote:
>How can I set up Bayes with SpamAssassin?
>
>I haven't got great knowledge but I think that it's good to stop the spam.

man sa-learn

http://wiki.apache.org/spamassassin/BayesInSpamAssassin

From martinh at SOLID-STATE-LOGIC.COM Tue Sep 21 09:18:03 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:56 2006
Subject: Damm mortage and software spam
Message-ID:

Rob
www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin 2.6x) are not included in the rulesemporium stuff.

It's a RBL style check, but it looks at URI's within the message body, rather than the traditional RBL's which only look at the ip-addresses the email is coming from( ie the message header).

This is a really good technique of trapping the single graphic and link.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> I add a whole bunch last week..... see way below email for the ones I
> installed
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Martin Hepworth"
> To:
> Sent: Monday, September 20, 2004 8:50 AM
> Subject: Re: Damm mortage and software spam
>
>
>> Rob
>>
>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>> guys you need...
>>
>> see their web page for installation instructions...
>>
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>> Rob wrote:
>>
>>> I still get those darn emails...
>>>
>>> are these spammers good, or is it just by fluke they're getting by
>>> mailscanner??
>>>
>>> Does anyone else have this issue...
>>>
>>> There are usually email for medical stuff and it's only a graphic with a
>>> remove link on the bottom of the page
>>> Also the subject always has "meeting friday at 7-00"
>>>
>>> Any help appreciated
>>>
>>> Rob....
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Rob"
>>> To:
>>> Sent: Friday, September 17, 2004 1:16 PM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>
>>>> Ok I added all those rules....
>>>>
>>>> Let's see what happens now....
>>>>
>>>> :)
>>>>
>>>> Rob....
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Robin, Rob"
>>>> To:
>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>
>>>>> Rob,
>>>>>
>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>> There should be rules for OEM software over there. Read the
>>>>> description.
>>>>>
>>>>> I first tested it by downloading all the rules (except the
>>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>>> using
>>>>> a
>>>>> IncrediMail will make it spam. (some of our customers like using
>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>> scenario).
>>>>>
>>>>> I have narrowed it down to using:
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>> GetRules
>>>>> "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>
>>>>>
>>>>> Thanks,
>>>>> ------------------------
>>>>> Rob Robin
>>>>> Network Analyst
>>>>> Green Apple, Inc.
>>>>> 740-653-9890
>>>>> rrobin@greenapple.com
>>>>> www.greenapple.com
>>>>> Internet access, hosting and development solutions since 1995.
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>
>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>> irritating emails with subject "your meeting on"
>>>>>
>>>>> and it has just a graphic and a remove link
>>>>>
>>>>> URGH!
>>>>>
>>>>> Rob....
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Steve Mason"
>>>>> To:
>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>> software messages.
>>>>>> I haven't seen any mortgage messages yet...
>>>>>>
>>>>>> Steve
>>>>>>
>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>> through to
>>>>>>> the list, I >guess cuz the mail server thought it was spam..
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Rob....

From G.Pentland at SOTON.AC.UK Tue Sep 21 12:24:13 2004
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:26:56 2006
Subject: Heads up on MyDoom-O
Message-ID:

All,

yesterday and today we have noticed some deeply nested zip files with MyDoom-O.

You want to be increasing 'Maximum Archive Depth' to something a bit bigger than default.

Currently I have set it to 5, it used to be 2.
Hope that helps,

Gary

From mailscanner at ELKNET.NET Tue Sep 21 13:01:17 2004
From: mailscanner at ELKNET.NET (Alan)
Date: Thu Jan 12 21:26:56 2006
Subject: Install error after updating perl
Message-ID:

On Tue, 21 Sep 2004 08:11:03 +0100, Kevin Spicer wrote:

>Well, you don't need the current version of perl for either MailScanner
>or SpamAssassin, if it's security fixes you're worried about then the
>important patches will have been back-ported by most vendors. Take a
>look at the fedora legacy project.

The announcement for SA3.0 indicated: "The SpamAssassin 2.6x release series was the last set of releases to officially support perl versions earlier than perl 5.6.1" and as RH 7.2 runs 5.6.0 I knew I had to upgrade perl. Figured if I was going to upgrade, I may as well upgrade to the current version.

Is there a better version I should go to that meets SA 3.0's requirements and is available as an rpm for 7.2?

Thanks!

-Alan

From marcel-ml at IRC-ADDICTS.DE Tue Sep 21 13:25:25 2004
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:56 2006
Subject: Blocking a sender with different text
Message-ID:

Hi there,

I have a problem with some user over the net.

He is annoying people with mail they do not want to get.

I could blacklist him, but I would like to send this person a reply with some text like:

Your Mails are no longer wanted on this machine.
Please stop sending them.

Is there a way to do so?
Or do I have to change the text on the blacklist.spam.txt version?

In fact he is not really spamming..he is just annoying..

Greetings

Marcel

From rob at THEHOSTMASTERS.COM Tue Sep 21 13:42:08 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:56 2006
Subject: Damm mortage and software spam
Message-ID:

I do, do www.surbl.org but not the other one I will check that one out....
thanks....

However I have not received one in the last 24 hours...

:)

Rob....

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Tuesday, September 21, 2004 4:18 AM
Subject: Re: Damm mortage and software spam

> Rob
> www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin
> 2.6x) are not included in the rulesemporium stuff.
>
> It's a RBL style check, but it looks at URI's within the message body,
> rather than the traditional RBL's which only look at the ip-addresses the
> email is coming from( ie the message header).
>
> This is a really good technique of trapping the single graphic and link.
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Rob wrote:
>> I add a whole bunch last week..... see way below email for the ones I
>> installed
>>
>> Rob....
>>
>>
>>
>> ----- Original Message -----
>> From: "Martin Hepworth"
>> To:
>> Sent: Monday, September 20, 2004 8:50 AM
>> Subject: Re: Damm mortage and software spam
>>
>>
>>> Rob
>>>
>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>>> guys you need...
>>>
>>> see their web page for installation instructions...
From G.Pentland at SOTON.AC.UK Tue Sep 21 13:50:32 2004
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:26:56 2006
Subject: Blocking a sender with different text
Message-ID:

Hi,

What MTA are you using?

If you are using Sendmail then use the access map.

something like

From:annoying@domain.com 550 Go away you annoying person

This would block the mail before Mailscanner, hence more efficient and he would get a DSN with that text in...

Hope that helps,

Gary

Marcel Blenkers wrote:
> Hi there,
>
> I have a problem with some user over the net.
>
> He is annoying people with mail they do not want to get.
>
> I could blacklist him, but I would like to send this person a reply
> with some text like:
>
> Your Mails are no longer wanted on this machine.
> Please stop sending them.
>
> Is there a way to do so?
> Or do I have to change the text on the blacklist.spam.txt version?
>
> In fact he is not really spamming..he is just annoying..
>
> Greetings
>
> Marcel

From martinh at SOLID-STATE-LOGIC.COM Tue Sep 21 13:55:02 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:56 2006
Subject: Damm mortage and software spam
Message-ID:

Rob

when you loaded the surbl.org stuff you would have needed to install the spamcop_uri plugin (unless you are running one of the SA 3.0 RC or beta versions).

Also MS won't see any SA config changes till the children restart or you restart MS.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> I do, do www.surbl.org but not the other one I will check that one
> out....
> thanks....
>
> However I have not received one in the last 24 hours...
>
> :)
>
>
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Martin Hepworth"
> To:
> Sent: Tuesday, September 21, 2004 4:18 AM
> Subject: Re: Damm mortage and software spam
>
>
>> Rob
>> www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin
>> 2.6x) are not included in the rulesemporium stuff.
>>
>> It's a RBL style check, but it looks at URI's within the message body,
>> rather than the traditional RBL's which only look at the ip-addresses the
>> email is coming from( ie the message header).
>>
>> This is a really good technique of trapping the single graphic and link.
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>> Rob wrote:
>>
>>> I add a whole bunch last week..... see way below email for the ones I
>>> installed
>>>
>>> Rob....
>>>
>>> ----- Original Message -----
>>> From: "Martin Hepworth"
>>> To:
>>> Sent: Monday, September 20, 2004 8:50 AM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>> Rob
>>>>
>>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>>>> guys you need...
>>>>
>>>> see their web page for installation instructions...
>>>>
>>>> --
>>>> Martin Hepworth
>>>> Snr Systems Administrator
>>>> Solid State Logic
>>>> Tel: +44 (0)1865 842300
>>>>
>>>> Rob wrote:
>>>>
>>>>> I still get those darn emails...
>>>>>
>>>>> are these spammers good, or is it just by fluke they're getting by
>>>>> mailscanner??
>>>>>
>>>>> Does anyone else have this issue...
>>>>>
>>>>> There are usually email for medical stuff and it's only a graphic with a
>>>>> remove link on the bottom of the page
>>>>> Also the subject always has "meeting friday at 7-00"
>>>>>
>>>>> Any help appreciated
>>>>>
>>>>> Rob....
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Rob"
>>>>> To:
>>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>> Ok I added all those rules....
>>>>>>
>>>>>> Let's see what happens now....
>>>>>>
>>>>>> :)
>>>>>>
>>>>>> Rob....
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Robin, Rob"
>>>>>> To:
>>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>
>>>>>>> Rob,
>>>>>>>
>>>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>>>> There should be rules for OEM software over there. Read the
>>>>>>> description.
>>>>>>>
>>>>>>> I first tested it by downloading all the rules (except the
>>>>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>>>>> using a IncrediMail will make it spam. (some of our customers like using
>>>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>>>> scenario).
>>>>>>>
>>>>>>> I have narrowed it down to using:
>>>>>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>>
>>>>>>> Thanks,
>>>>>>> ------------------------
>>>>>>> Rob Robin
>>>>>>> Network Analyst
>>>>>>> Green Apple, Inc.
>>>>>>> 740-653-9890
>>>>>>> rrobin@greenapple.com
>>>>>>> www.greenapple.com
>>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>>>
>>>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>>>> irritating emails with subject "your meeting on"
>>>>>>>
>>>>>>> and it has just a graphic and a remove link
>>>>>>>
>>>>>>> URGH!
>>>>>>>
>>>>>>> Rob....
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Steve Mason"
>>>>>>> To:
>>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>>>> software messages.
>>>>>>>> I haven't seen any mortgage messages yet...
>>>>>>>>
>>>>>>>> Steve
>>>>>>>>
>>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>>> through to the list, I guess cuz the mail server thought it was spam..
>>>>>>>>
>>>>>>>>> Rob....

From alex at ERUS.CO.UK Tue Sep 21 14:01:28 2004
From: alex at ERUS.CO.UK (Alex Pimperton)
Date: Thu Jan 12 21:26:56 2006
Subject: MailScanner 4.33.3-2 on Debian
Message-ID:

Hi

This morning I tried to update my MailScanner, running on Debian Unstable,
to 4.33.3-2 using apt.

When I try to start MailScanner after the upgrade I get several errors
relating to permissions on directories such as /var/run/MailScanner, saying
that the directory was owned by mail and not Debian-Exim.

After fixing the permissions on the directories I tried to start MailScanner
again but nothing happens.

I get the usual:

Starting mail spam/virus scanner: MailScanner.

...and then nothing. No entries in syslog, and mailscanner fails to start.

Turning on debug for both mailscanner and spamassassin fails to show
anything in the logs.

Is there a way to start mailscanner without the init.d script?

And has anybody seen this before?

Regards

Alex

From martinh at SOLID-STATE-LOGIC.COM Tue Sep 21 14:19:48 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:57 2006
Subject: MailScanner 4.33.3-2 on Debian
Message-ID:

Alex

there should be a script (somewhere in Debian) called check_mailscanner
that you can run. This is normally used with the debug options you
mentioned..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Alex Pimperton wrote:
> Hi
>
> This morning I tried to update my MailScanner, running on Debian Unstable,
> to 4.33.3-2 using apt.
>
> When I try to start MailScanner after the upgrade I get several errors
> relating to permissions on directories such as /var/run/MailScanner, saying
> that the directory was owned by mail and not Debian-Exim.
>
> After fixing the permissions on the directories I tried to start MailScanner
> again but nothing happens.
>
> I get the usual:
>
> Starting mail spam/virus scanner: MailScanner.
>
> ...and then nothing. No entries in syslog, and mailscanner fails to start.
>
> Turning on debug for both mailscanner and spamassassin fails to show
> anything in the logs.
>
> Is there a way to start mailscanner without the init.d script?
>
> And has anybody seen this before?
>
> Regards
>
> Alex

From rob at THEHOSTMASTERS.COM Tue Sep 21 14:21:49 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:57 2006
Subject: Damm mortage and software spam
Message-ID:

yes I did install it, and I have restarted it since....

:)

is there anything I can do to check and make sure it is working correctly?

Rob....

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Tuesday, September 21, 2004 8:55 AM
Subject: Re: Damm mortage and software spam

> Rob
>
> when you loaded the surbl.org stuff you would have needed to install the
> spamcop_uri plugin (unless you are running one of the SA 3.0 RC or beta
> versions).
>
> Also MS won't see any SA config changes till the children restart or you
> restart MS.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Rob wrote:
>> I do, do www.surbl.org but not the other one I will check that one
>> out....
>> thanks....
>>
>> However I have not received one in the last 24 hours...
>>
>> :)
>>
>> Rob....
>>
>> ----- Original Message -----
>> From: "Martin Hepworth"
>> To:
>> Sent: Tuesday, September 21, 2004 4:18 AM
>> Subject: Re: Damm mortage and software spam
>>
>>> Rob
>>> www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin
>>> 2.6x) are not included in the rulesemporium stuff.
>>>
>>> It's a RBL style check, but it looks at URI's within the message body,
>>> rather than the traditional RBL's which only look at the ip-addresses the
>>> email is coming from( ie the message header).
>>>
>>> This is a really good technique of trapping the single graphic and link.
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>> Rob wrote:
>>>
>>>> I add a whole bunch last week..... see way below email for the ones I
>>>> installed
>>>>
>>>> Rob....
>>>>
>>>> ----- Original Message -----
>>>> From: "Martin Hepworth"
>>>> To:
>>>> Sent: Monday, September 20, 2004 8:50 AM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>> Rob
>>>>>
>>>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>>>>> guys you need...
>>>>>
>>>>> see their web page for installation instructions...
>>>>>
>>>>> --
>>>>> Martin Hepworth
>>>>> Snr Systems Administrator
>>>>> Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>> Rob wrote:
>>>>>
>>>>>> I still get those darn emails...
>>>>>>
>>>>>> are these spammers good, or is it just by fluke they're getting by
>>>>>> mailscanner??
>>>>>>
>>>>>> Does anyone else have this issue...
>>>>>>
>>>>>> There are usually email for medical stuff and it's only a graphic with a
>>>>>> remove link on the bottom of the page
>>>>>> Also the subject always has "meeting friday at 7-00"
>>>>>>
>>>>>> Any help appreciated
>>>>>>
>>>>>> Rob....
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Rob"
>>>>>> To:
>>>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>
>>>>>>> Ok I added all those rules....
>>>>>>>
>>>>>>> Let's see what happens now....
>>>>>>>
>>>>>>> :)
>>>>>>>
>>>>>>> Rob....
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Robin, Rob"
>>>>>>> To:
>>>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>>> Rob,
>>>>>>>>
>>>>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>>>>> There should be rules for OEM software over there. Read the
>>>>>>>> description.
>>>>>>>>
>>>>>>>> I first tested it by downloading all the rules (except the
>>>>>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>>>>>> using a IncrediMail will make it spam. (some of our customers like using
>>>>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>>>>> scenario).
>>>>>>>>
>>>>>>>> I have narrowed it down to using:
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> ------------------------
>>>>>>>> Rob Robin
>>>>>>>> Network Analyst
>>>>>>>> Green Apple, Inc.
>>>>>>>> 740-653-9890
>>>>>>>> rrobin@greenapple.com
>>>>>>>> www.greenapple.com
>>>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>>>>
>>>>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>>>>> irritating emails with subject "your meeting on"
>>>>>>>>
>>>>>>>> and it has just a graphic and a remove link
>>>>>>>>
>>>>>>>> URGH!
>>>>>>>>
>>>>>>>> Rob....
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Steve Mason"
>>>>>>>> To:
>>>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>>>>> software messages.
>>>>>>>>> I haven't seen any mortgage messages yet...
>>>>>>>>>
>>>>>>>>> Steve
>>>>>>>>>
>>>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>>>> through to the list, I guess cuz the mail server thought it was spam..
>>>>>>>>>
>>>>>>>>>> Rob....

From martinh at SOLID-STATE-LOGIC.COM Tue Sep 21 14:32:04 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:57 2006
Subject: Damm mortage and software spam
Message-ID:

Rob

you should be seeing the rules in the headers (if you report like that),
or using MailWatch you should see the rules being hit as well.

There are some basic tests you can run on the surbl.org site in the FAQ, so
you could generate a test email with the test hits in it and then run SA on
the email..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Rob wrote:
> yes I did install it, and I have restarted it since....
>
> :)
>
> is there anything I can do to check and make sure it is working correctly?
>
> Rob....
>
> ----- Original Message -----
> From: "Martin Hepworth"
> To:
> Sent: Tuesday, September 21, 2004 8:55 AM
> Subject: Re: Damm mortage and software spam
>
>> Rob
>>
>> when you loaded the surbl.org stuff you would have needed to install the
>> spamcop_uri plugin (unless you are running one of the SA 3.0 RC or beta
>> versions).
>>
>> Also MS won't see any SA config changes till the children restart or you
>> restart MS.
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>> Rob wrote:
>>
>>> I do, do www.surbl.org but not the other one I will check that one
>>> out....
>>> thanks....
>>>
>>> However I have not received one in the last 24 hours...
>>>
>>> :)
>>>
>>> Rob....
>>>
>>> ----- Original Message -----
>>> From: "Martin Hepworth"
>>> To:
>>> Sent: Tuesday, September 21, 2004 4:18 AM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>> Rob
>>>> www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin
>>>> 2.6x) are not included in the rulesemporium stuff.
>>>>
>>>> It's a RBL style check, but it looks at URI's within the message body,
>>>> rather than the traditional RBL's which only look at the ip-addresses the
>>>> email is coming from( ie the message header).
>>>>
>>>> This is a really good technique of trapping the single graphic and link.
>>>>
>>>> --
>>>> Martin Hepworth
>>>> Snr Systems Administrator
>>>> Solid State Logic
>>>> Tel: +44 (0)1865 842300
>>>>
>>>> Rob wrote:
>>>>
>>>>> I add a whole bunch last week..... see way below email for the ones I
>>>>> installed
>>>>>
>>>>> Rob....
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Martin Hepworth"
>>>>> To:
>>>>> Sent: Monday, September 20, 2004 8:50 AM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>> Rob
>>>>>>
>>>>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are the
>>>>>> guys you need...
>>>>>>
>>>>>> see their web page for installation instructions...
>>>>>>
>>>>>> --
>>>>>> Martin Hepworth
>>>>>> Snr Systems Administrator
>>>>>> Solid State Logic
>>>>>> Tel: +44 (0)1865 842300
>>>>>>
>>>>>> Rob wrote:
>>>>>>
>>>>>>> I still get those darn emails...
>>>>>>>
>>>>>>> are these spammers good, or is it just by fluke they're getting by
>>>>>>> mailscanner??
>>>>>>>
>>>>>>> Does anyone else have this issue...
>>>>>>>
>>>>>>> There are usually email for medical stuff and it's only a graphic with a
>>>>>>> remove link on the bottom of the page
>>>>>>> Also the subject always has "meeting friday at 7-00"
>>>>>>>
>>>>>>> Any help appreciated
>>>>>>>
>>>>>>> Rob....
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Rob"
>>>>>>> To:
>>>>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>>> Ok I added all those rules....
>>>>>>>>
>>>>>>>> Let's see what happens now....
>>>>>>>>
>>>>>>>> :)
>>>>>>>>
>>>>>>>> Rob....
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Robin, Rob"
>>>>>>>> To:
>>>>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>>> Rob,
>>>>>>>>>
>>>>>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>>>>>> There should be rules for OEM software over there. Read the
>>>>>>>>> description.
>>>>>>>>>
>>>>>>>>> I first tested it by downloading all the rules (except the
>>>>>>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>>>>>>> using a IncrediMail will make it spam. (some of our customers like using
>>>>>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>>>>>> scenario).
>>>>>>>>>
>>>>>>>>> I have narrowed it down to using:
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> ------------------------
>>>>>>>>> Rob Robin
>>>>>>>>> Network Analyst
>>>>>>>>> Green Apple, Inc.
>>>>>>>>> 740-653-9890
>>>>>>>>> rrobin@greenapple.com
>>>>>>>>> www.greenapple.com
>>>>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Rob [mailto:rob@THEHOSTMASTERS.COM]
>>>>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>>
>>>>>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>>>>>
>>>>>>>>> And after I added rules from www.rulesemporium.com I still get these
>>>>>>>>> irritating emails with subject "your meeting on"
>>>>>>>>>
>>>>>>>>> and it has just a graphic and a remove link
>>>>>>>>>
>>>>>>>>> URGH!
>>>>>>>>>
>>>>>>>>> Rob....
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Steve Mason"
>>>>>>>>> To:
>>>>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>>
>>>>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of
>>>>>>>>>> the
>>>>>>>>>> software messages.
>>>>>>>>>> I haven't seen any mortgage messages yet...
>>>>>>>>>>
>>>>>>>>>> Steve
>>>>>>>>>>
>>>>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>>>>> through to
>>>>>>>>>>> the list, I >guess cuz the mail server thought it was spam..
>>>>>>>>>>
>>>>>>>>>>> Rob....

From mkehler at WRHA.MB.CA Tue Sep 21 14:34:47 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:57 2006
Subject: upgrading to 4.33-3 and Mailwatch..
Message-ID:

I just upgraded from 4.24-5 to 4.33.3 (via rpm, which is how it was installed originally). I ran the conf_ugprade. I was previously running MailWatch 0.5.1. It seems as though the MS upgrade broke it. It appears that it is now called a bit differently. Does MailWatch.pm need to be moved to the /usr/lib/MailScanner/MailScanner/CustomFunctions directory? Should it still be called from MailScanner.conf somehow? ie, via Always Looked Up Last = &MailWatchLogging in MailScanner.conf ? Looks like this has been reworked but I didn't find anything in the archives.

thx
Matt

From alex at ERUS.CO.UK Tue Sep 21 14:35:09 2004
From: alex at ERUS.CO.UK (Alex Pimperton)
Date: Thu Jan 12 21:26:57 2006
Subject: MailScanner 4.33.3-2 on Debian
Message-ID:

Thanks. I've managed to fix the problem now.

I ran the check_mailscanner (/usr/sbin) script which gave:

Starting MailScanner...
MIME::QuotedPrint version 3.03 required--this is only version 3.01 at /usr/share/perl5/MIME/Words.pm line 86.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Words.pm line 86.
Compilation failed in require at /usr/share/perl5/MIME/Head.pm line 123.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Head.pm line 123.
Compilation failed in require at /usr/share/perl5/MIME/Parser.pm line 147.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Parser.pm line 147.
Compilation failed in require at /usr/share/MailScanner/MailScanner/MCPMessage.pm line 40.

...so I upgraded MIME::QuotedPrint (and probably others at the same time) using cpan and it seems to be working properly now after fixing the permissions again.

Regards

Alex

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
Sent: 21 September 2004 14:20
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner 4.33.3-2 on Debian

Alex

there should be a script (somewhere in Debian) called check_mailscanner that you can run. This is normally used with the debug options you mentioned..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Alex Pimperton wrote:
> Hi
>
> This morning I tried to update my MailScanner, running on Debian Unstable,
> to 4.33.3-2 using apt.
>
> When I try to start MailScanner after the upgrade I get several errors
> relating to permissions on directories such as /var/run/MailScanner, saying
> that the directory was owned by mail and not Debian-Exim.
>
> After fixing the permissions on the directories I tried to start MailScanner
> again but nothing happens.
>
> I get the usual:
>
> Starting mail spam/virus scanner: MailScanner.
>
> ...and then nothing. No entries in syslog, and mailscanner fails to start.
>
> Turning on debug for both mailscanner and spamassassin fails to show
> anything in the logs.
>
> Is there a way to start mailscanner without the init.d script?
>
> And has anybody seen this before?
>
> Regards
>
> Alex

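In the trace quoted in the message above, only the first diagnostic names the cause; every later line is a caller that failed because of it. The sketch below is an added example, not part of the original post or of MailScanner, and it pulls out the too-old module and the load chain from such a trace. The function names are hypothetical, and it assumes plain decimal version numbers like those in the trace.

```python
import re
from decimal import Decimal

# Trace quoted in the message above (check_mailscanner on Debian),
# one diagnostic per line.
SAMPLE_TRACE = """\
Starting MailScanner...
MIME::QuotedPrint version 3.03 required--this is only version 3.01 at /usr/share/perl5/MIME/Words.pm line 86.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Words.pm line 86.
Compilation failed in require at /usr/share/perl5/MIME/Head.pm line 123.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Head.pm line 123.
Compilation failed in require at /usr/share/perl5/MIME/Parser.pm line 147.
BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Parser.pm line 147.
Compilation failed in require at /usr/share/MailScanner/MailScanner/MCPMessage.pm line 40.
"""

# Perl's diagnostic for "use Module VERSION" when the installed copy is older.
TOO_OLD = re.compile(
    r"(?P<module>[A-Za-z_]\w*(?:::\w+)*) version (?P<required>\d+(?:\.[\d_]+)?) "
    r"required--this is only version (?P<installed>\d+(?:\.[\d_]+)?) "
    r"at (?P<file>\S+) line (?P<line>\d+)\."
)
# One line per caller that pulled the failing file in via use/require.
REQUIRED_FROM = re.compile(r"Compilation failed in require at (\S+) line (\d+)\.")


def perl_decimal(version):
    """Parse a plain decimal Perl $VERSION ('3.03', '3.03_01') for comparison."""
    return Decimal(version.replace("_", ""))


def needs_upgrade(installed, required):
    # Decimal versions compare as numbers, not as dotted tuples:
    # 3.1 means 3.10, which is newer than 3.03.
    return perl_decimal(installed) < perl_decimal(required)


def parse_require_failure(trace):
    """Return the root-cause module and the chain of files that failed to
    load, or None when the trace holds no version diagnostic."""
    text = " ".join(trace.split())  # tolerate wrapped or flattened output
    hit = TOO_OLD.search(text)
    if hit is None:
        return None
    chain = [(hit["file"], int(hit["line"]))]
    for path, line in REQUIRED_FROM.findall(text[hit.end():]):
        frame = (path, int(line))
        if frame not in chain:
            chain.append(frame)
    return {
        "module": hit["module"],
        "required": hit["required"],
        "installed": hit["installed"],
        "needs_upgrade": needs_upgrade(hit["installed"], hit["required"]),
        # Innermost file first; the last entry is the file the daemon loaded.
        "chain": chain,
    }


if __name__ == "__main__":
    report = parse_require_failure(SAMPLE_TRACE)
    print("upgrade %(module)s: have %(installed)s, need %(required)s" % report)
    for path, line in report["chain"]:
        print("  loaded from %s line %d" % (path, line))
```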
From mynamewasgone at gmail.com Tue Sep 21 14:36:26 2004
From: mynamewasgone at gmail.com (Richard Brown)
Date: Thu Jan 12 21:26:57 2006
Subject: Damm mortage and software spam
Message-ID:

On Tue, 21 Sep 2004 09:21:49 -0400, Rob wrote:
> is there anything I can do to check and make sure it is working correctly?

Read the output of this:

spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf

changing the argument to -p to wherever you keep your spam.assassin.prefs.conf

Regards,

From marcel-ml at IRC-ADDICTS.DE Tue Sep 21 14:42:07 2004
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:26:57 2006
Subject: Blocking a sender with different text
Message-ID:

Hi there,

and thanks..

yes i am using sendmail..

and see..i am so blocked to think about the simple stuff..as i just want to do everything with mailscanner.. :)

Greetings

Marcel

On Tue, 21 Sep 2004, Pentland G. wrote:

> Hi,
>
> What MTA are you using?
>
> If you are using Sendmail then use the access map.
>
> something like
>
> From:annoying@domain.com 550 Go away you annoying person
>
> This would block the mail before Mailscanner, hence more efficient and
> he would get a DSN with that text in...
>
> Hope that helps,
>
> Gary
>
> Marcel Blenkers wrote:
> > Hi there,
> >
> > i have a Problem with some user over the net.
> >
> > He is annoying people with mail they do not want to get.
> >
> > I could blacklist him, but i would like to send this person an reply
> > with some text like:
> >
> > Your Mails are no longer wanted on this machine.
> > Please stop sending them.
> >
> > Is there a way to do so?
> > Or do i have to change the text on the blacklist.spam.txt version?
> >
> > In fact he is not really spamming..he is just annoying..
> >
> > Greetings
> >
> > Marcel

From kevins at BMRB.CO.UK Tue Sep 21 14:57:45 2004
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:26:57 2006
Subject: Install error after updating perl
Message-ID:

On Tue, 2004-09-21 at 13:01, Alan wrote:
> On Tue, 21 Sep 2004 08:11:03 +0100, Kevin Spicer wrote:
>
> >Well, you don't need the current version of perl for either MailScanner
> >or SpamAssassin, if its security fixes you're worried about then the
> >important patches will have been back-ported by most vendors. Take a
> >look at the fedora legacy project.
>
> The announcement for SA3.0 indicated:
> "The SpamAssassin 2.6x release series was the last set of releases to
> officially support perl versions earlier than perl 5.6.1"
>
> and as RH 7.2 runs 5.6.0 I knew I had to upgrade perl. Figured if I was
> going to upgrade, I may as well upgrade to the current version. Is there a
> better version I should go to the meets SA 3.0's requirements and is
> available as an rpm for 7.2?

Ah, I understand (I knew SA 3 was breaking compatibility with old versions of perl, but I didn't realise it was dropping 5.6.0 support). I think I would probably have tried the 5.6.1 rpm for RH 7.3 from fedoralegacy before compiling from source, but if its working now...

Of course what I'd most likely have done is installed a more up to date version of linux. RH 7.2 is pretty old now.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From martinh at SOLID-STATE-LOGIC.COM Tue Sep 21 15:06:28 2004
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:26:57 2006
Subject: upgrading to 4.33-3 and Mailwatch..
Message-ID:

Matt

you'll need to edit the /usr/lib/MailScanner/CustomConfigs.pm to add in the MailWatch.pm line and copy over the MailWatch.pm file as well from the old location..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Matt Kehler wrote:
> I just upgraded from 4.24-5 to 4.33.3 (via rpm, which is how it was installed originally).
> I ran the conf_ugprade. I was previously running MailWatch 0.5.1. It seems as though the MS upgrade broke it. It appears that it is now called a bit differently. Does MailWatch.pm need to be moved to the /usr/lib/MailScanner/MailScanner/CustomFunctions directory? Should it still be called from MailScanner.conf somehow? ie, via Always Looked Up Last = &MailWatchLogging in MailScanner.conf ? Looks like this has been reworked but I didn't find anything in the archives.
>
> thx
> Matt

From mailscanner at ecs.soton.ac.uk Tue Sep 21 15:23:28 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: MailScanner 4.33.3-2 on Debian
Message-ID:

Did you remember to upgrade MIME-tools as well? You *really* want that with the new MIME::Base64 modules.

Alex Pimperton wrote:

>Thanks. I've managed to fix the problem now.
>
>I ran the check_mailscanner (/usr/sbin) script which gave:
>
>Starting MailScanner...
>MIME::QuotedPrint version 3.03 required--this is only version 3.01 at
>/usr/share/perl5/MIME/Words.pm line 86.
>BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Words.pm line 86.
>Compilation failed in require at /usr/share/perl5/MIME/Head.pm line 123.
>BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Head.pm line 123.
>Compilation failed in require at /usr/share/perl5/MIME/Parser.pm line 147.
>BEGIN failed--compilation aborted at /usr/share/perl5/MIME/Parser.pm line
>147.
>Compilation failed in require at
>/usr/share/MailScanner/MailScanner/MCPMessage.pm line 40.
>
>...so I upgraded MIME::QuotedPrint (and probably others at the same time)
>using cpan and it seems to be working properly now after fixing the
>permissions again.
>
>Regards
>
>Alex
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Martin Hepworth
>Sent: 21 September 2004 14:20
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: MailScanner 4.33.3-2 on Debian
>
>Alex
>
>there should be a script (somewhere in Debian) called check_mailscanner
>that you can run. This is normally used with the debug options you
>mentioned..
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>Alex Pimperton wrote:
>
>>Hi
>>
>>This morning I tried to update my MailScanner, running on Debian Unstable,
>>to 4.33.3-2 using apt.
>>
>>When I try to start MailScanner after the upgrade I get several errors
>>relating to permissions on directories such as /var/run/MailScanner, saying
>>that the directory was owned by mail and not Debian-Exim.
>>
>>After fixing the permissions on the directories I tried to start MailScanner
>>again but nothing happens.
>>
>>I get the usual:
>>
>>Starting mail spam/virus scanner: MailScanner.
>>
>>...and then nothing. No entries in syslog, and mailscanner fails to start.
>>
>>Turning on debug for both mailscanner and spamassassin fails to show
>>anything in the logs.
>>
>>Is there a way to start mailscanner without the init.d script?
>>
>>And has anybody seen this before?
>>
>>Regards
>>
>>Alex

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rob at THEHOSTMASTERS.COM Tue Sep 21 15:39:50 2004
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:26:57 2006
Subject: Damm mortage and software spam
Message-ID:

Oooo... and what should i be looking for...

debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/home/rob/bin', which doesn't exist, dropping.
debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: bayes: 31157 tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks
debug: bayes: 31157 tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.
debug: Initialising learner
debug: is Net::DNS::Resolver available? yes
debug: trying (3) yahoo.de...
debug: looking up MX for 'yahoo.de'
debug: MX for 'yahoo.de' exists? 1
debug: MX lookup of yahoo.de succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=2.077
debug: bayes corpus size: nspam = 158159, nham = 15177
debug: uri tests: Done uriRE
debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org"
debug: tokenize: header tokens for *m = " 1095777705 lint_rules "
debug: cannot use bayes on this message; db not initialised yet
debug: bayes: not scoring message, returning 0.5
debug: bayes: 31157 untie-ing
debug: bayes: 31157 untie-ing db_toks
debug: bayes: 31157 untie-ing db_seen
debug: Razor2 is not available
debug: running raw-body-text per-line regexp tests; score so far=2.077
debug: running uri tests; score so far=2.077
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=2.077
debug: Razor2 is not available
debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: all '*To' addrs:
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=2.077
debug: is spam? score=2.577 required=5 tests=DATE_MISSING,FM_NO_TO,NO_REAL_NAME

Rob....

----- Original Message -----
From: "Richard Brown"
To:
Sent: Tuesday, September 21, 2004 9:36 AM
Subject: Re: Damm mortage and software spam

> On Tue, 21 Sep 2004 09:21:49 -0400, Rob wrote:
>> is there anything I can do to check and make sure it is working
>> correctly?
>
> Read the output of this:
>
> spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf
>
> changing the argument to -p to wherever you keep your
> spam.assassin.prefs.conf
>
> Regards,

From ssilva at SGVWATER.COM Tue Sep 21 16:28:56 2004
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:26:57 2006
Subject: Install error after updating perl
Message-ID:

Alan wrote:
> On Tue, 21 Sep 2004 00:07:09 +0100, Kevin Spicer wrote:
>
> Thanks for the quick answer Kevin. The reason I installed from
> source rather than an rpm distro is that I can't find a current
> version of perl in an rpm distro for RH 7.2
>
> Any pointers to the current version of perl in an i386 rpm for 7.2 would
> be very welcome!
>
> -Alan

I don't think Redhat 7.2 is supported by anyone right now. That means no security flaws are being patched or fixed. You might try and find the time to upgrade to something a little newer.

From darren at concepttechnologyinc.com Tue Sep 21 16:52:23 2004
From: darren at concepttechnologyinc.com (Darren Fulton - Concept Technology)
Date: Thu Jan 12 21:26:57 2006
Subject: Install error after updating perl
Message-ID:

Redhat 7.2 is supported by these people. It costs $5/month for updated rpms.

http://transition.progeny.com/

Darren

> Alan wrote:
>> On Tue, 21 Sep 2004 00:07:09 +0100, Kevin Spicer
>> wrote:
>>
>> Thanks for the quick answer Kevin. The reason I installed from
>> source rather than an rpm distro is that I can't find a current
>> version of perl in an rpm distro for RH 7.2
>>
>> Any pointers to the current version of perl in an i386 rpm for 7.2 would
>> be very welcome!
>>
>> -Alan
> I don't think Redhat 7.2 is supported by anyone right now. That means no
> security flaws are being patched or fixed. You might try and find the
> time to upgrade to something a little newer.

Concept Technology, Inc.

From jbuda at NOTICIASARGENTINAS.COM Tue Sep 21 17:12:41 2004
From: jbuda at NOTICIASARGENTINAS.COM (Jose Julian Buda)
Date: Thu Jan 12 21:26:57 2006
Subject: Missing Mails !!!
Message-ID:

I have postfix + Mailscanner + clamav and i have some problems with some mail
there's some mails that is not delivered , when i send and email
Looking for some error in the /var/log/maillog file i see this about this missing message:

...
0D4515EFD7 : from = size=1031, nrcpt=1 (queue active)
0D4515EFD7 : to = relay=none, delay=0, status=deferred ( deferred transport )
...
Requeue : 0D4515EFD7 to 8916C670F8
...

Until this it is ok, the postfix.in process take the message and the mailscanner process it from de deferred queue....
But what happened with 8916C670F8 message ?
there's nothing else line about this message, there's no lines from the postfix outgoing process like :
...
8916C670F8 : from = size=1031, nrcpt=1 (queue active)
8916C670F8 : to = relay=none, delay=0, status=sent ( mailbox )
...
or something about it from the postfix outgoing process
i receive some complaints about missing mails from my users and i need to solve this problem
Any idea ?

May be this message i need to resent it...

Thank you

Julian

From mailscanner at ecs.soton.ac.uk Tue Sep 21 17:57:14 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: Missing Mails !!!
Message-ID:

Have you set it up according to the current Postfix instructions on www.mailscanner.info/install?
Most people (assuming you are using Postfix 2) find it more reliable using a single instance of Postfix, with the "hold queue" setup.

At 17:12 21/09/2004, you wrote:
>I have postfix + Mailscanner + clamav and i have some problems with some
>mail
>there's some mails that is not delivered , when i send and email
>Looking for some error in the /var/log/maillog file i see this about this
>missing message:
>
>...
>0D4515EFD7 : from = size=1031, nrcpt=1 (queue active)
>0D4515EFD7 : to = relay=none, delay=0,
>status=deferred ( deferred transport )
>...
>Requeue : 0D4515EFD7 to 8916C670F8
>...
>
>Until this it is ok, the postfix.in process take the message and the
>mailscanner process it from de deferred queue....
>But what happened with 8916C670F8 message ?
>there's nothing else line about this message, there's no lines from the
>postfix outgoing process like :
>...
>8916C670F8 : from = size=1031, nrcpt=1 (queue active)
>8916C670F8 : to = relay=none, delay=0, status=sent
>( mailbox )
>...
>or something about it from the postfix outgoing process
>i receive some complaints about missing mails from my users and i need to
>solve this problem
>Any idea ?
>
>May be this message i need to resent it...
>
>Thank you
>
>Julian

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Tue Sep 21 18:02:17 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:57 2006
Subject: Double filename/extension query
Message-ID:

Up until now we've never had any issues with blocking double file extensions using the default ruleset.

Unfortunately one of our more important clients gets files every morning from a call center in the format:

20Sep04-20Sep04.txt.eee

"file" tells me:

20Sep04-20Sep04.txt.eee: data

(I'd love to know what is producing them....)

The problem is this. How can I allow these filenames to be delivered to our client BUT disallow them from all others?

I know it can be done via a ruleset, but I've only ever used them for whitelist/blacklist/signature type things

Should I call it like:

MailScanner.conf

Filename Rules = %etc-dir%/filename.rules

In filename.rules

What do I put in here?

filename.rules.conf << - do I leave that as is?

Sorry, but I am as confused about how to do this as this email appears :(

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From brent.bolin at gmail.com Tue Sep 21 18:02:39 2004
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 12 21:26:57 2006
Subject: Anybody running mailwatch with mailscanner ?
Message-ID:

Started using this the other day. I can release quarantined messages but not spam.

One of the main reasons I wanted to use mailwatch was to release messages that were tagged as spam.
Anybody know if mailwatch is supposed to do this ?

btb

From jbuda at NOTICIASARGENTINAS.COM Tue Sep 21 18:11:22 2004
From: jbuda at NOTICIASARGENTINAS.COM (Jose Julian Buda)
Date: Thu Jan 12 21:26:57 2006
Subject: Missing Mails !!!
Message-ID:

Mmmm. i'm using the old way
I'll try this one and let's see...

Thank you

Julian

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, September 21, 2004 1:57 PM
Subject: Re: Missing Mails !!!

Have you set it up according to the current Postfix instructions on www.mailscanner.info/install?
Most people (assuming you are using Postfix 2) find it more reliable using a single instance of Postfix, with the "hold queue" setup.

At 17:12 21/09/2004, you wrote:
>I have postfix + Mailscanner + clamav and i have some problems with some
>mail
>there's some mails that is not delivered , when i send an email
>Looking for some error in the /var/log/maillog file i see this about this
>missing message:
>
>...
>0D4515EFD7 : from = size=1031, nrcpt=1 (queue active)
>0D4515EFD7 : to = relay=none, delay=0,
>status=deferred ( deferred transport )
>...
>Requeue : 0D4515EFD7 to 8916C670F8
>...
>
>Until this it is ok, the postfix.in process take the message and the
>mailscanner process it from the deferred queue....
>But what happened with 8916C670F8 message ?
>there's nothing else line about this message, there's no lines from the
>postfix outgoing process like :
>...
>8916C670F8 : from = size=1031, nrcpt=1 (queue active)
>8916C670F8 : to = relay=none, delay=0, status=sent
>( mailbox )
>...
>or something about it from the postfix outgoing process
>i receive some complaints about missing mails from my users and i need to
>solve this problem
>Any idea ?
>
>May be this message i need to resend it...
>
>Thank you
>
>Julian

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Tue Sep 21 18:29:34 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:57 2006
Subject: Anybody running mailwatch with mailscanner ?
Message-ID:

BB wrote:
> Started using this the other day. I can release quarantined messages
> but not spam.
>
> One of the main reasons I wanted to use mailwatch was to release messages that
> were tagged as spam.
>
> Anybody know if mailwatch is supposed to do this ?

Yes, you just have to configure mailscanner not to scan emails from your web server user (www or apache...).
You can see the archives of the MailWatch mailing list as well.

>
> btb

From mkehler at WRHA.MB.CA Tue Sep 21 18:49:52 2004
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:26:57 2006
Subject: using both MS and sendmail..
Message-ID:

So I think I figured out my 'issue'. Basically, I can't seem to get my RBL's to work, either with Sendmail, OR with MS. If I go into the details of a MS message using MailWatch..the email always shows as coming from 127.0.0.1 So MS isn't aware of where the email *actually* came from, therefore doesn't do a check. I tried binding sendmail to both 127.0.0.1 only, its IP address only, as well as both. (this server is configured as a relay via mailertable, to push all email back onto our corporate mail server). FYI, I'm now upgraded to MS 4-33.3

When I bind sendmail to only 127.0.0.1, then MS *will* do the RBL's, as it's listening on the 'real' interface. The issue is that I am using Trend Interscan Viruswall, along with its eManager (file blocking). What I *want* is for mail to come in, get accepted by the *real* sendmail, go through the Trend virus and file checks, THEN pass it to MailScanner, and do ITS checks. I figured that binding sendmail to the real IP would do this...but it doesn't.
I know I can get MS to use the Trend virus scanner, but I still want to have the file attachment checking done by Trend's eManager as it has a great web based GUI that our helpdesk uses. So I need it in there. Plus I'd rather have sendmail do the RBL's and reject email there, so it doesn't even have to get passed to MS and take longer.

any ideas? I think essentially what I need to do is have sendmail listen on the real IP address, do its Trend stuff as well as RBL's via sendmail, and then pass it to MS, but via smtp. So really MS no longer hooks into sendmail...it just sits beside it. Or am I missing the boat here? (quite possible :)

thanks

Matt

From mailscanner at ecs.soton.ac.uk Tue Sep 21 18:58:40 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: using both MS and sendmail..
Message-ID:

At 18:49 21/09/2004, you wrote:
>So I think I figured out my 'issue'. Basically, I can't seem to get my
>RBL's to work, either with Sendmail, OR with MS. If I go into the details
>of a MS message using MailWatch..the email always shows as coming from
>127.0.0.1 So MS isn't aware of where the email *actually* came from,
>therefore doesn't do a check. I tried binding sendmail to both 127.0.0.1
>only, its IP address only, as well as both. (this server is configured
>as a relay via mailertable, to push all email back onto our corporate mail
>server). FYI, I'm now upgraded to MS 4-33.3
>
>When I bind sendmail to only 127.0.0.1, then MS *will* do the RBL's, as it's
>listening on the 'real' interface. The issue is that I am using Trend
>Interscan Viruswall, along with its eManager (file blocking). What I
>*want* is for mail to come in, get accepted by the *real* sendmail, go
>through the Trend virus and file checks, THEN pass it to MailScanner, and
>do ITS checks. I figured that binding sendmail to the real IP would do
>this...but it doesn't. I know I can get MS to use the Trend virus
>scanner, but I still want to have the file attachment checking done by
>Trend's eManager as it has a great web based GUI that our helpdesk uses. So
>I need it in there. Plus I'd rather have sendmail do the RBL's and
>reject email there, so it doesn't even have to get passed to MS and take
>longer.
>
>any ideas? I think essentially what I need to do is have sendmail listen
>on the real IP address, do its Trend stuff as well as RBL's via sendmail,
>and then pass it to MS, but via smtp. So really MS no longer hooks into
>sendmail...it just sits beside it. Or am I missing the boat here? (quite
>possible :)

Get the Trend stuff to output on 127.0.0.1 port 26, and have MailScanner's incoming sendmail instance listen on 127.0.0.1 port 26. It won't be able to do its RBL check (as it was received from the remote host by Trend and not MailScanner) but everything else should work.

Don't try to bind different things to the same port on different instances.
It may be possible in theory, but I wouldn't guarantee you can actually make it work.

For the above 26 is a random number closely related to 25. Feel free to use any unused port number you have lying around :-)
("netstat -an" is your friend)

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dustin.baer at IHS.COM Tue Sep 21 19:10:34 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:57 2006
Subject: Double filename/extension query
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:
>Up until now we've never had any issues with blocking double file extensions
>using the default ruleset.
>Unfortunately one of our more important clients gets files every morning
>from a call center in the format:
>
>20Sep04-20Sep04.txt.eee
>
>"file" tells me:
>20Sep04-20Sep04.txt.eee: data
>
>(I'd love to know what is producing them....)
>
>The problem is this. How can I allow these filenames to be delivered to our
>client BUT disallow them from all others?
>
>I know it can be done via a ruleset, but I've only ever used them for
>whitelist/blacklist/signature type things
>Should I call it like:
>MailScanner.conf
>Filename Rules = %etc-dir%/filename.rules
>
>In filename.rules
>What do I put in here?
>
>filename.rules.conf << - do I leave that as is?
>

I've had to do this for filetype.rules.conf for Russian text:

You have two different filename.rules.conf files (filename.rules.conf and something like filename.rules.eee.conf)

Filename Rules = %rules-dir%/Filename.rules

In %rules-dir%/Filename.rules:

From: ImportantClient@eee.com /opt/MailScanner/etc/filename.rules.eee.conf
FromOrTo: default /opt/MailScanner/etc/filename.rules.conf

This works for me, hope it works for you.

Dustin
--
Dustin Baer
Transport Extranet Network Services
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836

From dustin.baer at IHS.COM Tue Sep 21 19:12:40 2004
From: dustin.baer at IHS.COM (Dustin Baer)
Date: Thu Jan 12 21:26:57 2006
Subject: Double filename/extension query
Message-ID:

Dustin Baer wrote:
> You have two different filename.rules.conf files (filename.rules.conf
> and something like filename.rules.eee.conf)

Then obviously in the filename.rules.eee.conf, you allow that filename.

Dustin

From mailscanner at ELKNET.NET Tue Sep 21 20:00:04 2004
From: mailscanner at ELKNET.NET (Alan)
Date: Thu Jan 12 21:26:57 2006
Subject: Install error after updating perl
Message-ID:

On Tue, 21 Sep 2004 14:57:45 +0100, Kevin Spicer wrote:
>I think I would probably have tried the 5.6.1 rpm for RH 7.3 from
>fedoralegacy before compiling from source, but if it's working now...
Kevin (and others),

Okay this suggestion is the route I took this morning. I had cloned the hard drive before starting this upgrade, so I went back to my working version and started over...

This time I installed 5.6.1 from rpm. The install went well.

Then I reinstalled MS (rpm distro) using install.sh
Again, all went well...

But then I ran 'MailScanner -V' and got this error:

Can't locate MIME/Decoder/BinHex.pm in @INC (@INC contains:
/usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1
/usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1
/usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux
/usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .
/usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 42.

Note that BinHex.pm is installed:

# find / -name BinHex.pm
/usr/lib/perl5/site_perl/5.6.1/Convert/BinHex.pm

But it's not in the @INC path listed above. I don't know why it's not in the path, nor how to fix it.

Thanks for any help! (And I am taking close notes for the future)

-Alan
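
Added example (not part of any post in this archive and not MailScanner's own code): a small Python model of the per-sender setup Dustin Baer describes in the "Double filename/extension query" thread above, showing ruleset selection followed by first-match filename rules. The contents of the two rule files, the helper names, and the first-match, case-insensitive and allow-when-nothing-matches behaviour are assumptions of this model.

```python
import fnmatch
import re


def rule(action, regex, log="-", report="-"):
    """One filename rule line: four tab-separated fields."""
    return "\t".join((action, regex, log, report))


# Constructed sample data. The two ruleset lines are the ones Dustin Baer
# posted; the rule-file contents are assumptions written for this example.
RULESET = """\
From:     ImportantClient@eee.com /opt/MailScanner/etc/filename.rules.eee.conf
FromOrTo: default                 /opt/MailScanner/etc/filename.rules.conf
"""
DOUBLE_EXT = rule("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
                  "Found possible filename hiding",
                  "Attempt to hide real filename extension")
RULE_FILES = {
    "/opt/MailScanner/etc/filename.rules.conf": DOUBLE_EXT,
    "/opt/MailScanner/etc/filename.rules.eee.conf": "\n".join([
        # Narrow exception first: only DDMonYY-DDMonYY.txt.eee, anchored at both ends.
        rule("allow", r"^\d{2}[a-z]{3}\d{2}-\d{2}[a-z]{3}\d{2}\.txt\.eee$"),
        DOUBLE_EXT,  # every other double extension is still refused
    ]),
}


def select_rule_file(sender, recipients, ruleset_text=RULESET):
    """Return the value of the first ruleset line that matches the message.

    Models From:/To:/FromOrTo: with glob-style addresses plus 'default';
    other ruleset features are outside this model.
    """
    default = None
    for raw in ruleset_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        direction, pattern, value = line.split(None, 2)
        direction = direction.rstrip(":").lower()
        if pattern.lower() == "default":
            default = value.strip()
            continue
        addresses = {"from": [sender], "to": list(recipients),
                     "fromorto": [sender, *recipients]}[direction]
        if any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in addresses):
            return value.strip()
    return default


def check_filename(name, rules_text):
    """First rule whose regex matches decides; no match means allow (assumed)."""
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, regex, log_text, _report = (line.split("\t") + ["", "", ""])[:4]
        # Case-insensitive matching is an assumption of this model.
        if re.search(regex, name, re.IGNORECASE):
            return action.lower(), log_text
    return "allow", ""


def decide(sender, recipients, filename):
    """Pick the rule file for this message, then judge one attachment name."""
    path = select_rule_file(sender, recipients)
    action, _why = check_filename(filename, RULE_FILES[path])
    return path, action


if __name__ == "__main__":
    for sender, name in [
        ("ImportantClient@eee.com", "20Sep04-20Sep04.txt.eee"),
        ("ImportantClient@eee.com", "20Sep04-20Sep04.txt.exe"),
        ("someone@elsewhere.example", "20Sep04-20Sep04.txt.eee"),
    ]:
        print(sender, name, decide(sender, ["staff@client.example"], name))
```

The address a ruleset matches on is whatever the sending side supplied, so the allow rule here is anchored to the exact DDMonYY-DDMonYY.txt.eee shape and the double-extension deny still follows it in the client's file.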

From mailscanner at ecs.soton.ac.uk Tue Sep 21 20:08:33 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: Install error after updating perl
Message-ID:

At 20:00 21/09/2004, you wrote:
>But then I ran 'MailScanner -V' and got this error:
>
>Can't locate MIME/Decoder/BinHex.pm in @INC (@INC contains:
>/usr/lib/MailScanner /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1
>/usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1
>/usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux
>/usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .
>/usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Message.pm line 42.
>
>Note that BinHex.pm is installed:
>
># find / -name BinHex.pm
>/usr/lib/perl5/site_perl/5.6.1/Convert/BinHex.pm

You found Convert::BinHex, it was looking for MIME::Decoder::BinHex which is part of MIME-tools. Re-run install.sh and take particular attention when it tries to install MIME-tools. For some reason that failed.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From brent.bolin at gmail.com Tue Sep 21 20:17:58 2004
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 12 21:26:57 2006
Subject: Using mailwatch with mailscanner and releasing spam
Message-ID:

Hi All,

Recently started using mailwatch with mailscanner. One of the main reasons for this is to release good mail that was tagged as spam using a web interface.

Under "recent message" shows emails. You can click on the link to view details, however there is no option to release the mail.

Under "quarantine" there are links for every day of the week. You can click on the link to view messages for that day. You can then click on the message to see the details. You can then release the message if you want.

The messages that are under "quarantine" are located in the following directory

/var/spool/MailScanner/quarantine/20040921

Files are listed as i*

The spam tagged messages are located in the following directory

/var/spool/MailScanner/quarantine/20040921/spam

files are listed as qf* and df*

I believe mailwatch can do this. Do I have something misconfigured in MailScanner.conf or mailwatch ?

Any input would be appreciated.

btb

From smlists at shaw.ca Tue Sep 21 20:36:45 2004
From: smlists at shaw.ca (Steve Mason)
Date: Thu Jan 12 21:26:57 2006
Subject: Using mailwatch with mailscanner and releasing spam
Message-ID:

Hmm, not sure where my last reply went, I'll try again..

You need to tell Mailscanner to store spam, in addition to what you're doing now. In my case low scoring spam was forwarded to junkmail@mydomain, so I added store, forward to the Spam Actions. High Scoring is store, delete.

You can also uncomment clean.quarantine in your cron.daily to keep the quarantine from getting too big.

Steve

BB wrote:

>Hi All,
>
>Recently started using mailwatch with mailscanner. One of the main
>reasons for this is to release good mail that was tagged as spam using
>a web interface.
>
>Under "recent message" shows emails. You can click on the link to
>view details, however there is no option to release the mail.
>
>Under "quarantine" there are links for every day of the week. You
>can click on the link to view messages for that day. You can then
>click on the message to see the details. You can then release the
>message if you want.
>
>The messages that are under "quarantine" are located in the following directory
>
>/var/spool/MailScanner/quarantine/20040921
>
>Files are listed as i*
>
>The spam tagged messages are located in the following directory
>
>/var/spool/MailScanner/quarantine/20040921/spam
>
>files are listed as qf* and df*
>
>I believe mailwatch can do this. Do I have something misconfigured
>in MailScanner.conf or mailwatch ?
>
>Any input would be appreciated.
>
>btb

From devonharding at gmail.com Tue Sep 21 22:47:54 2004
From: devonharding at gmail.com (Devon Harding)
Date: Thu Jan 12 21:26:57 2006
Subject: Whitelist from Mailwatch?
Message-ID:

Is this possible? to whitelist a message tagged as SPAM from mailwatch?

From admin at WEBGUSTO.COM Wed Sep 22 01:48:43 2004
From: admin at WEBGUSTO.COM (Bill Sholar - WebGusto)
Date: Thu Jan 12 21:26:57 2006
Subject: From and to in whitelist
Message-ID:

That worked -- thanks!

-----Original Message-----
...
I believe the rule should be:

From: *ebay.com and to: user@domain.com yes

From ugob at CAMO-ROUTE.COM Wed Sep 22 03:07:50 2004
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:26:57 2006
Subject: Whitelist from Mailwatch?
Message-ID:

Devon Harding wrote:
> Is this possible? to whitelist a message tagged as SPAM from mailwatch?

What do you mean? You can whitelist the user from which mailwatch sends an e-mail (like www or apache) or 127.0.0.1

From damian at SCIENCE.NUS.EDU.SG Wed Sep 22 04:51:13 2004
From: damian at SCIENCE.NUS.EDU.SG (Damian Chia)
Date: Thu Jan 12 21:26:57 2006
Subject: Debian Packages
Message-ID:

Hi,

I had been trying to install Mailscanner 4.33-2 on Debian, but I kept getting the following error.

Unpacking mailscanner (from .../mailscanner_4.33.3-2_all.deb) ...
/var/lib/dpkg/tmp.ci/preinst: db_get: command not found
dpkg: error processing /var/cache/apt/archives/mailscanner_4.33.3-2_all.deb (--unpack):
 subprocess pre-installation script returned error exit status 127
Errors were encountered while processing:
 /var/cache/apt/archives/mailscanner_4.33.3-2_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Any advice on what could be the problem?

Thanks and rgds,
Damian

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Sep 22 07:44:34 2004
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:26:57 2006
Subject: Feedback on MailScanner-4.34.4-1BETA
Message-ID:

Julian et al

Downloaded MailScanner-4.34.4-1BETA yesterday and installed it on one of our 8 production mail gateways. This gateway handles >32K incoming messages/day (>45K connections/day). It has been running OK for the last 16 hours.

I used the version for RedHat Linux. No apparent installation problems. The box was previously running MailScanner-4.31.6-1.

This mail gateway is a DELL 2550 running RedHat AS3 with

Sendmail 8.12.10 + SA 2.63 + McAfee + Sophos

We have 36 MS rules files with the largest containing 2054 entries (spam.whitelist.rules).

Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

From mailscanner at BARENDSE.TO Wed Sep 22 08:39:20 2004
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:26:57 2006
Subject: Feedback on MailScanner-4.34.4-1BETA
Message-ID:

Thanks for this info.

I just downloaded and installed it too (completely new install on a plain vanilla box) of TaoLinux (RHEL 3.0 rebuild).

The install of MailScanner failed with :
error: Failed dependencies:
 perl-MIME-tools >= 5.412 is needed by mailscanner-4.34.4-1

rpmbuild reveals this for the perl-MIME-tools:
Warning: prerequisite MIME::QuotedPrint 3.03 not found. We have 2.03.

and this:
 Test returned status 2 (wstat 512, 0x200)
t/Words..........MIME::QuotedPrint version 3.03 required--this is only version 2.03 at /usr/src/redhat/BUILD/MIME-tools-5.413/blib/lib/MIME/Words.pm line 86.

No package called MIME::QuotedPrint is included in the tarball

On Wed, 22 Sep 2004, Quentin Campbell wrote:

> Julian et al
>
> Downloaded MailScanner-4.34.4-1BETA yesterday and installed it on one of
> our 8 production mail gateways. This gateway handles >32K incoming
> messages/day (>45K connections/day). It has been running OK for the last
> 16 hours.
>
> I used the version for RedHat Linux. No apparent installation problems.
> The box was previously running MailScanner-4.31.6-1.
>
> This mail gateway is a DELL 2550 running RedHat AS3 with
>
> Sendmail 8.12.10 + SA 2.63 + McAfee + Sophos
>
> We have 36 MS rules files with the largest containing 2054 entries
> (spam.whitelist.rules).
>
> Quentin
> ---
> PHONE: +44 191 222 8209 Information Systems and Services (ISS),
> University of Newcastle,
> Newcastle upon Tyne,
> FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
> ------------------------------------------------------------------------
> "Any opinion expressed above is mine. The University can get its own."
>

From mailscanner at ecs.soton.ac.uk Wed Sep 22 09:03:22 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: Feedback on MailScanner-4.34.4-1BETA
Message-ID:

MIME::QuotedPrint is part of MIME::Base64.

I wonder why it didn't install the new MIME::Base64 for you. Are there any errors in the output from install.sh that point towards the cause?

At 08:39 22/09/2004, you wrote:
>Thanks for this info.
>
>I just downloaded and installed it too (completely new install on a plain
>vanilla box) of TaoLinux (RHEL 3.0 rebuild).
>
>The install of MailScanner failed with :
>error: Failed dependencies:
> perl-MIME-tools >= 5.412 is needed by mailscanner-4.34.4-1
>
>rpmbuild reveals this for the perl-MIME-tools:
>Warning: prerequisite MIME::QuotedPrint 3.03 not found. We have 2.03.
>
>and this:
> Test returned status 2 (wstat 512, 0x200)
>t/Words..........MIME::QuotedPrint version 3.03 required--this is only
>version 2.03 at
>/usr/src/redhat/BUILD/MIME-tools-5.413/blib/lib/MIME/Words.pm line 86.
>
>No package called MIME::QuotedPrint is included in the tarball
>
>
>
>
>On Wed, 22 Sep 2004, Quentin Campbell wrote:
>
>>Julian et al
>>
>>Downloaded MailScanner-4.34.4-1BETA yesterday and installed it on one of
>>our 8 production mail gateways. This gateway handles >32K incoming
>>messages/day (>45K connections/day). It has been running OK for the last
>>16 hours.
>>
>>I used the version for RedHat Linux. No apparent installation problems.
>>The box was previously running MailScanner-4.31.6-1.
>>
>>This mail gateway is a DELL 2550 running RedHat AS3 with
>>
>> Sendmail 8.12.10 + SA 2.63 + McAfee + Sophos
>>
>>We have 36 MS rules files with the largest containing 2054 entries
>>(spam.whitelist.rules).
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209 Information Systems and Services (ISS),
>> University of Newcastle,
>> Newcastle upon Tyne,
>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
>>------------------------------------------------------------------------
>>"Any opinion expressed above is mine. The University can get its own."

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From damian at SCIENCE.NUS.EDU.SG Wed Sep 22 09:22:28 2004
From: damian at SCIENCE.NUS.EDU.SG (damian)
Date: Thu Jan 12 21:26:57 2006
Subject: Debian MailScanner Package 4.33-2
Message-ID:

Hi,

I tried to do an apt-get for the Debian Packages, but it returns the following error.

debianmail:/etc/init.d# apt-get install mailscanner
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
 clamav f-prot-installer libnet-ldap-perl
The following NEW packages will be installed:
 mailscanner
0 upgraded, 1 newly installed, 0 to remove and 415 not upgraded.
9 not fully installed or removed.
Need to get 0B/815kB of archives.
After unpacking 4485kB of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 48781 files and directories currently installed.)
Unpacking mailscanner (from .../mailscanner_4.33.3-2_all.deb) ...
/var/lib/dpkg/tmp.ci/preinst: db_get: command not found
dpkg: error processing /var/cache/apt/archives/mailscanner_4.33.3-2_all.deb (--u
 subprocess pre-installation script returned error exit status 127
Errors were encountered while processing:
 /var/cache/apt/archives/mailscanner_4.33.3-2_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Any advice what could be wrong?

Thanks and regards,
Damian

--
damian
From mailscanner at BARENDSE.TO Wed Sep 22 09:55:31 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: Sorry, didn't keep a log of the install.sh I just did rpmbuild --rebuild perl-MIME-Base64-3.03-1.src.rpm (guess that's ok) and rpm -Uvh /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.03-1.i386.rpm which gives this output: file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm from install of perl-MIME-Base64-3.03-1 conflicts with file from package perl-5.8.0-88.7 file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/QuotedPrint.pm from install of perl-MIME-Base64-3.03-1 conflicts with file from package perl-5.8.0-88.7 file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/MIME/Base64/Base64.so from install of perl-MIME-Base64-3.03-1 conflicts with file from package perl-5.8.0-88.7 file /usr/share/man/man3/MIME::Base64.3pm.gz from install of perl-MIME-Base64-3.03-1 conflicts with file from package perl-5.8.0-88.7 file /usr/share/man/man3/MIME::QuotedPrint.3pm.gz from install of perl-MIME-Base64-3.03-1 conflicts with file from package perl-5.8.0-88.7 Hope it makes sense (it doesn't to me) :) On Wed, 22 Sep 2004, Julian Field wrote: > MIME::QuotedPrint is part of MIME::Base64. > > I wonder why it didn't install the new MIME::Base64 for you. Are there any > errors in the output from install.sh that point towards the cause? > > At 08:39 22/09/2004, you wrote: >> Thanks for this info. >> >> I just downloaded and installed it too (completely new install on a plain >> vanilla box) of TaoLinux (RHEL 3.0 rebuild). >> >> The install of MailScanner failed with : >> error: Failed dependencies: >> perl-MIME-tools >= 5.412 is needed by mailscanner-4.34.4-1 >> >> rpmbuild reveals this for the perl-MIME-tools: >> Warning: prerequisite MIME::QuotedPrint 3.03 not found. We have 2.03. 
>> >> and this: >> Test returned status 2 (wstat 512, 0x200) >> t/Words..........MIME::QuotedPrint version 3.03 required--this is only >> version 2.03 at >> /usr/src/redhat/BUILD/MIME-tools-5.413/blib/lib/MIME/Words.pm line 86. >> >> No package called MIME::QuotedPrint is included in the tarball >> >> >> >> >> On Wed, 22 Sep 2004, Quentin Campbell wrote: >> >>> Julian et al >>> >>> Downloaded MailScanner-4.34.4-1BETA yesterday and installed it on one of >>> our 8 production mail gateway. This gateway handles >32K incoming >>> messages/day (>45K connections/day). It has been running OK for the last >>> 16 hours. >>> >>> I used the version for RedHat Linux. No apparent installation problems. >>> The box was previously running MailScanner-4.31.6-1. >>> >>> This mail gateway is a DELL 2550 running RedHat AS3 with >>> >>> Sendmail 8.12.10 + SA 2.63 + McAfee + Sophos >>> >>> We have 36 MS rules files with the largest containing 2054 entries >>> (spam.whitelist.rules). >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> ------------------------------------------------------------------------ >>> "Any opinion expressed above is mine. The University can get its own." >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 22 10:07:00 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: You need to rpm -Uvh --force /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.03-1.i386.rpm At 09:55 22/09/2004, you wrote: >Sorry, didn't keep a log of the install.sh > >I just did rpmbuild --rebuild perl-MIME-Base64-3.03-1.src.rpm (guess >that's ok) > >and >rpm -Uvh /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.03-1.i386.rpm > >which gives this output: > file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm >from install of perl-MIME-Base64-3.03-1 conflicts with file from package >perl-5.8.0-88.7 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 22 11:37:19 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: Thanks, that allowed MailScanner to install, all modules seem to be present when doing MailScanner -v. One question about install-Clam-SA: Atthe start of the scripty is this message. You must have installed the RPM containing the "db" library before you try to run this script. You should find this on your Linux distribution CDs or DVD. If you do not have this installed, this script WILL fail. Press Ctrl-C now to stop this script. Which "db" library is meant? I have this on the box: [root@linux root]# rpm -qa | grep db gdbm-1.8.0-20 gdbm-devel-1.8.0-20 db4-4.1.25-8 db4-devel-4.1.25-8 clamav-db-0.75.1-1.dag gdb-6.1post-1.20040607.17 rpmdb-tao-1.3E.1-0.20040601 db4-utils-4.1.25-8 On Wed, 22 Sep 2004, Julian Field wrote: > You need to > rpm -Uvh --force /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.03-1.i386.rpm > > At 09:55 22/09/2004, you wrote: >> Sorry, didn't keep a log of the install.sh >> >> I just did rpmbuild --rebuild perl-MIME-Base64-3.03-1.src.rpm (guess >> that's ok) >> >> and >> rpm -Uvh /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.03-1.i386.rpm >> >> which gives this output: >> file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm >> from install of perl-MIME-Base64-3.03-1 conflicts with file from package >> perl-5.8.0-88.7 > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the 
email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 22 12:31:57 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: At 11:37 22/09/2004, you wrote: >One question about install-Clam-SA: > >Atthe start of the scripty is this message. >You must have installed the RPM containing the "db" library >before you try to run this script. You should find this on >your Linux distribution CDs or DVD. >If you do not have this installed, this script WILL fail. >Press Ctrl-C now to stop this script. > >Which "db" library is meant? > >I have this on the box: >[root@linux root]# rpm -qa | grep db >gdbm-1.8.0-20 >gdbm-devel-1.8.0-20 >db4-4.1.25-8 >db4-devel-4.1.25-8 That one, db4. Not all systems call it quite the same thing, as it is actually version 4 of a library called "db", not of a library called "db4". But using that naming scheme allows them to have both versions 3 and 4 on the machine at the same time. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From michele at blacknightsolutions.com Wed Sep 22 13:03:58 2004
From: michele at blacknightsolutions.com (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:57 2006
Subject: FW: ANNOUNCE: SpamAssassin 3.0.0 is released
Message-ID:

Daniel Quinlan wrote:
> Apache Software Foundation Announces SpamAssassin 3.0 Release
>
> Forest Hill, MD - September 22, 2004 -- The Apache Software
> Foundation is pleased to announce the release of SpamAssassin
> 3.0. SpamAssassin 3.0 contains a number of new technologies
> designed to protect against the changing techniques used by
> spammers. This is the first SpamAssassin release as an
> Apache Software Foundation project and under the Apache
> License. The release is available from the Apache
> SpamAssassin web site
> (http://spamassassin.apache.org/) via the Apache mirror network.
>
> SpamAssassin 3.0 delivers many new features including support
> for sender authentication using the Sender Policy Framework
> (SPF), checking for web links of known spam advertisers, a
> modular plugin architecture, improved SQL database support
> for storing user data in server installations, and improved email
> classification.
>
> SpamAssassin's practical multi-technique approach,
> modularity, and extensibility continue to give it an
> advantage over other anti-spam systems. Due to these
> advantages, SpamAssassin is widely used in all aspects of
> email management. You can readily find SpamAssassin in use
> in both email clients and servers, on many different
> operating systems, filtering incoming as well as outgoing
> email, and implementing a very broad range of policy actions.
> These installations include service providers, businesses,
> not-for-profit and educational organizations, and end-user
> systems. SpamAssassin also forms the basis for numerous
> commercial anti-spam products available on the market today.
>
> About SpamAssassin
>
> SpamAssassin is an intelligent email filter which uses a
> diverse range of tests to identify unsolicited bulk email,
> more commonly known as "spam".
> These tests are applied to email headers and content to
> classify email using advanced statistical methods. In
> addition, SpamAssassin has a modular architecture that allows
> other technologies to be quickly wielded against spam and is
> designed for easy integration into virtually any email system.
>
> About the Apache Software Foundation
>
> The Apache Software Foundation provides organizational,
> legal, and financial support for a broad range of open source
> software projects. As a US 501(c)(3) public charity, the
> Foundation provides an established framework for
> contributions of both intellectual property and funding for
> the support of open source software development. Through a
> collaborative and meritocratic development process, Apache
> projects deliver enterprise-grade, freely available software
> products for the public benefit, attracting large communities
> of users and enabling future innovation, both commercial and
> individual, through its pragmatic Apache License.
>
> Press Contact:
>
> press@apache.org
>
> --
> Daniel Quinlan ApacheCon! 13-17 November (3
> SpamAssassin http://www.pathname.com/~quinlan/
> http://www.apachecon.com/ sessions & more)

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From mailscanner at barendse.to Wed Sep 22 13:14:55 2004 From: mailscanner at barendse.to (Remco Barendse) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: On Wed, 22 Sep 2004, Julian Field wrote: > At 11:37 22/09/2004, you wrote: >> One question about install-Clam-SA: >> >> Atthe start of the scripty is this message. >> You must have installed the RPM containing the "db" library >> before you try to run this script. You should find this on >> your Linux distribution CDs or DVD. >> If you do not have this installed, this script WILL fail. >> Press Ctrl-C now to stop this script. >> >> Which "db" library is meant? >> >> I have this on the box: >> [root@linux root]# rpm -qa | grep db >> gdbm-1.8.0-20 >> gdbm-devel-1.8.0-20 >> db4-4.1.25-8 >> db4-devel-4.1.25-8 > > That one, db4. Not all systems call it quite the same thing, as it is > actually version 4 of a library called "db", not of a library called "db4". > But using that naming scheme allows them to have both versions 3 and 4 on > the machine at the same time. Thanks :) Maybe a short comment could be added to it that db3- or db4- should be ok for people totally clueless (like me) :) > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at BARENDSE.TO Wed Sep 22 13:18:54 2004 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:26:57 2006 Subject: Feedback on MailScanner-4.34.4-1BETA Message-ID: Just found module that is not being reported by MailScanner -v when I try to install spamass from install-clam-sa error: Failed dependencies: perl(DBI) is needed by perl-Mail-SpamAssassin-3.0.0-rc5.1 Could this be added to the MailScanner -v list too? Thx! On Wed, 22 Sep 2004, Julian Field wrote: > At 11:37 22/09/2004, you wrote: >> One question about install-Clam-SA: >> >> Atthe start of the scripty is this message. >> You must have installed the RPM containing the "db" library >> before you try to run this script. You should find this on >> your Linux distribution CDs or DVD. >> If you do not have this installed, this script WILL fail. >> Press Ctrl-C now to stop this script. >> >> Which "db" library is meant? >> >> I have this on the box: >> [root@linux root]# rpm -qa | grep db >> gdbm-1.8.0-20 >> gdbm-devel-1.8.0-20 >> db4-4.1.25-8 >> db4-devel-4.1.25-8 > > That one, db4. Not all systems call it quite the same thing, as it is > actually version 4 of a library called "db", not of a library called "db4". > But using that naming scheme allows them to have both versions 3 and 4 on > the machine at the same time. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. 
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkehler at wrha.mb.ca Wed Sep 22 13:26:29 2004 From: mkehler at wrha.mb.ca (Matt Kehler) Date: Thu Jan 12 21:26:57 2006 Subject: using both MS and sendmail.. Message-ID: >>> mailscanner@ECS.SOTON.AC.UK 09/21/04 12:58PM >>> At 18:49 21/09/2004, you wrote: >So I think I figured out my 'issue'. Basically, I can't seem to get my >RBL's to work, either with Sendmail, OR with MS. If I go into the details >of a MS message using MailWatch..the email always shows as coming from >127.0.0.1 So MS isn't aware of where the email *actually* came from, >therefore doesn't do a check. I tried binding sendmail to both 127.0.0.1 >only, its IP address only, as well as both. (this server is configured >as a relay via mailertable, to push all email back onto our corporate mail >server). FYI, I'm now upgraded to MS 4-33.3 > >When I bind sendail to only 127.0.0.1, then MS *will* do the RBL's, as its >listening on the 'real' interface. The issue is that I am using Trend >Interscan Viruswall, along with its eManager (file blocking). What I >*want* is for mail to come in, get accepted by the *real* sendmail, go >through the Trend virus and file checks, THEN pass it to MailScanner, and >do ITS checks. I figured that binding sendmail to the real IP would do >this...but it doesn't. I know I can get MS to use the Trend virus >scanner, but I still want to have the file attachment checking done by >trends eManager as it has a great web based GUI that our helpdesk uses. So >I need it in there. 
Plus I'd rather have sendmail do the RBL's and >reject email there, so it doesn't even have to get passed to MS and take >longer. > >any ideas? I think essentially what I need to do is have sendmail listen >on the real IP address, do its Trend stuff as well as RBL's via sendmail, >and then pass it to MS, but via smtp. So really MS no longer hooks into >sendmail...it just sits beside it. Or am I missing the boat here? (quite >possible :) >>Get the Trend stuff to output on 127.0.0.1 port 26, and have MailScanner's >>incoming sendmail instance listen on 127.0.0.1 port 26. It won't be able to >>do its RBL check (as it was received from the remote host by Trend and not >>MailScanner) but everything else should work. Don't try to bind different >>things to the same port on different instances. It may be possible in >>theory, but I wouldn't guarantee you can actually make it work. >>For the above 26 is a random number closely related to 25. Feel free to use >>any unused port number you have lying around :-) ("netstat -an" is your >>friend) >>-- >>Julian Field Thanks Julian. I'm guessing I can just change the port that trend will listen on via sendmail.cf since Trend calls that anyways I believe (ie, something like DAEMON_OPTIONS(`Port=26, Name=MTA')dnl What about MailScanner? Do I need to do it via Sendmail.pm or something? I looked through all the files but couldn't really find anything obvious. thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. 
Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at barendse.to Wed Sep 22 13:42:48 2004 From: mailscanner at barendse.to (Remco Barendse) Date: Thu Jan 12 21:26:57 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: Now that MailScanner reports which modules are missing to get SpamAssassin 3 working I will have another go at having the rpm version installed. After installing several extra perl modules that were included with the distro I still have these open: Net::LDAP This module is not included in my distro, nor is it included in the install-CLAM-SA tarball. perl-Digest-MD5 Is not updated with the rpm from the package. Rebuilding the rpm and then trying to rpm -Uvh gives this error: file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm from install of perl-Digest-MD5-2.33-1 conflicts with file from package perl-5.8.0-88.7 perl-Net-DNS-0.48-1 Is not updated with the rpm from the package. Rebuilding the rpm and then trying to rpm -Uvh gives this error: error: Failed dependencies: perl(Win32::Registry) is needed by perl-Net-DNS-0.48-1 missing SAVI This module is not included in my distro, nor is it included in the install-CLAM-SA tarball. perl-Sys-Hostname-Long Is not installed from the rpm in the tarball. 
Rebuilding the rpm and then trying to rpm -ivh gives this error: error: Failed dependencies: perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1 All input is welcome :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From devonharding at gmail.com Wed Sep 22 14:06:36 2004 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:26:57 2006 Subject: Whitelist from Mailwatch? Message-ID: I mean, there should be an option, like releasing quarantine, to whitelist. Is this a feature that could be added? On Tue, 21 Sep 2004 22:07:50 -0400, Ugo Bellavance wrote: > > > Devon Harding wrote: > > Is this possible? to whitelist a message tagged as SPAM from mailwatch? > > What do you mean? > > You can whitelist the user from which mailwatch sends an e-mail (like > www or apache) or 127.0.0.1 > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Wed Sep 22 14:09:22 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:57 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: Remco could always install the things from CPAN.. or would that break all the RM based stuff? also is it just me (!) or do alot of people have problems with RPM installed perl modules, rather than hand/CPAN installed flavours? If this is the case then maybe we should be encouraging people to install any modules via CPAN rather than RPM???? just a random post lunchtime thought... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Remco Barendse wrote: > Now that MailScanner reports which modules are missing to get > SpamAssassin 3 working I will have another go at having the rpm version > installed. > > After installing several extra perl modules that were included with the > distro I still have these open: > > > Net::LDAP > This module is not included in my distro, nor is it included in the > install-CLAM-SA tarball. > > > perl-Digest-MD5 > Is not updated with the rpm from the package. Rebuilding the rpm and then > trying to rpm -Uvh gives this error: > file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm > from install of perl-Digest-MD5-2.33-1 conflicts with file from package > perl-5.8.0-88.7 > > > perl-Net-DNS-0.48-1 > Is not updated with the rpm from the package. Rebuilding the rpm and then > trying to rpm -Uvh gives this error: > error: Failed dependencies: > perl(Win32::Registry) is needed by perl-Net-DNS-0.48-1 > > > missing SAVI > This module is not included in my distro, nor is it included in the > install-CLAM-SA tarball. > > > perl-Sys-Hostname-Long > Is not installed from the rpm in the tarball. 
Rebuilding the rpm > and then trying to rpm -ivh gives this error: > error: Failed dependencies: > perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1 > > > All input is welcome :) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at elknet.net Wed Sep 22 14:23:49 2004 From: mailscanner at elknet.net (Alan) Date: Thu Jan 12 21:26:57 2006 Subject: Install error after updating perl Message-ID: On Tue, 21 Sep 2004 20:08:33 +0100, Julian Field wrote: >You found Convert::BinHex, it was looking for MIME::Decoder::BinHex which >is part of MIME-tools. Re-run install.sh and take particular attention when >it tries to install MIME-tools. For some reason that failed. Thanks! That helped alot! -Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From devonharding at gmail.com Wed Sep 22 14:38:19 2004 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:26:57 2006 Subject: SpamAssassin 3 & MS 4.33.3? Message-ID: Is SpamAssassin 3 supported in MailScanner 4.33.3? Or will I have to upgrade to 4.34? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From prandal at herefordshire.gov.uk Wed Sep 22 14:47:11 2004 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jan 12 21:26:57 2006 Subject: SpamAssassin 3 & MS 4.33.3? Message-ID: Devon Harding wrote: > Is SpamAssassin 3 supported in MailScanner 4.33.3? Or will I have to > upgrade to 4.34? Q1: Yes. Q2: No. Good luck, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkehler at wrha.mb.ca Wed Sep 22 14:56:38 2004 From: mkehler at wrha.mb.ca (Matt Kehler) Date: Thu Jan 12 21:26:57 2006 Subject: using both MS and sendmail.. Message-ID: >>> mailscanner@ECS.SOTON.AC.UK 09/21/04 12:58PM >>> At 18:49 21/09/2004, you wrote: >So I think I figured out my 'issue'. Basically, I can't seem to get my >RBL's to work, either with Sendmail, OR with MS. 
If I go into the details >of a MS message using MailWatch..the email always shows as coming from >127.0.0.1 So MS isn't aware of where the email *actually* came from, >therefore doesn't do a check. I tried binding sendmail to both 127.0.0.1 >only, its IP address only, as well as both. (this server is configured >as a relay via mailertable, to push all email back onto our corporate mail >server). FYI, I'm now upgraded to MS 4-33.3 > >When I bind sendail to only 127.0.0.1, then MS *will* do the RBL's, as its >listening on the 'real' interface. The issue is that I am using Trend >Interscan Viruswall, along with its eManager (file blocking). What I >*want* is for mail to come in, get accepted by the *real* sendmail, go >through the Trend virus and file checks, THEN pass it to MailScanner, and >do ITS checks. I figured that binding sendmail to the real IP would do >this...but it doesn't. I know I can get MS to use the Trend virus >scanner, but I still want to have the file attachment checking done by >trends eManager as it has a great web based GUI that our helpdesk uses. So >I need it in there. Plus I'd rather have sendmail do the RBL's and >reject email there, so it doesn't even have to get passed to MS and take >longer. > >any ideas? I think essentially what I need to do is have sendmail listen >on the real IP address, do its Trend stuff as well as RBL's via sendmail, >and then pass it to MS, but via smtp. So really MS no longer hooks into >sendmail...it just sits beside it. Or am I missing the boat here? (quite >possible :) >>Get the Trend stuff to output on 127.0.0.1 port 26, and have MailScanner's >>incoming sendmail instance listen on 127.0.0.1 port 26. It won't be able to >>do its RBL check (as it was received from the remote host by Trend and not >>MailScanner) but everything else should work. Don't try to bind different >>things to the same port on different instances. It may be possible in >>theory, but I wouldn't guarantee you can actually make it work. 
>>For the above 26 is a random number closely related to 25. Feel free to use
>>any unused port number you have lying around :-) ("netstat -an" is your
>>friend)
>>--
>>Julian Field

Okay, some mad reading later, I have come up with this plan to essentially build a sendmail-interscan-MS sandwich. Thoughts?

- change the sendmail config.... ie, /etc/sendmail.cf to output to port 10024 via the define(`ESMTP_MAILER_ARGS~, define(RELAY_MAILER_ARGS~ , etc etc.
- change Trend Interscan to daemon mode, listen on localhost port 10024, and output on port 10025 (via editing of the intscan.ini itself that the program uses)
- change the MailScanner incoming instance to listen on 10025 via editing the MailScanner startup script.

I'm assuming I'll have to change, under the 'incoming sendmail' line

$SENDMAIL -bd -OPrivacyOptions=noetrn \
          -ODeliveryMode=queueonly \
          -OQueueDirectory=$INQDIR \
          -OPidFile=$INPID

....to include a -C sendmail.listen.on.10025.cf , where the above file is essentially my original sendmail.cf file, but with the 'DAEMON_OPTIONS' set to listen on port 10025

Does that pretty much sum it up?

Matt

This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original.
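The port layout in the plan above can be checked against "netstat -an" output before the three hops are chained together. This is an added example, not code from the thread or from MailScanner: it assumes Linux net-tools style netstat lines, and the sample output, the PLAN table and the check_chain helper are constructed for illustration.

```python
import re

# Hops from the plan in the message above: the front sendmail on 25, Trend
# InterScan on localhost port 10024, MailScanner's incoming sendmail on 10025.
# Third field: True when the hop is internal and should listen on loopback only.
PLAN = [
    ("front sendmail", 25, False),
    ("Trend InterScan", 10024, True),
    ("MailScanner incoming sendmail", 10025, True),
]

# Constructed sample of `netstat -an` (Linux net-tools layout is an assumption).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10025           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:25           198.51.100.7:41022      ESTABLISHED
"""

LISTEN_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s*$")
LOOPBACK = {"127.0.0.1", "::1"}


def listeners(netstat_text):
    """Return {port: set of local addresses} for TCP sockets in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line.strip())
        if match:
            found.setdefault(int(match.group(2)), set()).add(match.group(1))
    return found


def check_chain(plan, netstat_text):
    """Return a list of problems with the planned hop/port layout."""
    problems = []
    live = listeners(netstat_text)
    seen_ports = set()
    for name, port, loopback_only in plan:
        # Two hops on one port is the setup Julian warns against.
        if port in seen_ports:
            problems.append(f"{name}: port {port} is assigned to more than one hop")
        seen_ports.add(port)
        addrs = live.get(port, set())
        if not addrs:
            problems.append(f"{name}: nothing is listening on port {port}")
        elif loopback_only and not addrs <= LOOPBACK:
            exposed = ", ".join(sorted(addrs - LOOPBACK))
            # An internal hop reachable from outside accepts mail that never
            # passed the RBL and virus checks of the hops in front of it.
            problems.append(
                f"{name}: port {port} also listens on {exposed}, "
                "so mail can reach it without passing the earlier hops"
            )
    return problems


if __name__ == "__main__":
    for problem in check_chain(PLAN, SAMPLE_NETSTAT):
        print(problem)
```
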
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 22 15:01:54 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: SA 3 release and MailScanner Message-ID: I am now running SpamAssassin 3.0.0 on my production servers, having just upgraded from the last release candidate. Everything is working fine. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 22 15:03:51 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: using both MS and sendmail.. Message-ID: At 13:26 22/09/2004, you wrote: > >>> mailscanner@ECS.SOTON.AC.UK 09/21/04 12:58PM >>> >At 18:49 21/09/2004, you wrote: > >So I think I figured out my 'issue'. Basically, I can't seem to get my > >RBL's to work, either with Sendmail, OR with MS. If I go into the details > >of a MS message using MailWatch..the email always shows as coming from > >127.0.0.1 So MS isn't aware of where the email *actually* came from, > >therefore doesn't do a check. I tried binding sendmail to both 127.0.0.1 > >only, its IP address only, as well as both. 
(this server is configured > >as a relay via mailertable, to push all email back onto our corporate mail > >server). FYI, I'm now upgraded to MS 4-33.3 > > > >When I bind sendail to only 127.0.0.1, then MS *will* do the RBL's, as its > >listening on the 'real' interface. The issue is that I am using Trend > >Interscan Viruswall, along with its eManager (file blocking). What I > >*want* is for mail to come in, get accepted by the *real* sendmail, go > >through the Trend virus and file checks, THEN pass it to MailScanner, and > >do ITS checks. I figured that binding sendmail to the real IP would do > >this...but it doesn't. I know I can get MS to use the Trend virus > >scanner, but I still want to have the file attachment checking done by > >trends eManager as it has a great web based GUI that our helpdesk uses. So > >I need it in there. Plus I'd rather have sendmail do the RBL's and > >reject email there, so it doesn't even have to get passed to MS and take > >longer. > > > >any ideas? I think essentially what I need to do is have sendmail listen > >on the real IP address, do its Trend stuff as well as RBL's via sendmail, > >and then pass it to MS, but via smtp. So really MS no longer hooks into > >sendmail...it just sits beside it. Or am I missing the boat here? (quite > >possible :) > > >>Get the Trend stuff to output on 127.0.0.1 port 26, and have MailScanner's > >>incoming sendmail instance listen on 127.0.0.1 port 26. It won't be able to > >>do its RBL check (as it was received from the remote host by Trend and not > >>MailScanner) but everything else should work. Don't try to bind different > >>things to the same port on different instances. It may be possible in > >>theory, but I wouldn't guarantee you can actually make it work. > > >>For the above 26 is a random number closely related to 25. Feel free to use > >>any unused port number you have lying around :-) ("netstat -an" is your > >>friend) > >>-- > >>Julian Field > >Thanks Julian. 
I'm guessing I can just change the port that trend will >listen on via sendmail.cf since Trend calls that anyways I believe (ie, >something like DAEMON_OPTIONS(`Port=26, Name=MTA')dnl > >What about MailScanner? Do I need to do it via Sendmail.pm or something? >I looked through all the files but couldn't really find anything obvious. You can do it in the MailScanner init.d script. When it starts up sendmail with "-bd" you can add a new option to set -ODaemonOptions=..... just like the other options have. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From raymond at PROLOCATION.NET Wed Sep 22 15:14:58 2004 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:26:57 2006 Subject: SpamAssassin 3 & MS 4.33.3? Message-ID: Hi! > Is SpamAssassin 3 supported in MailScanner 4.33.3? Or will I have to > upgrade to 4.34? If you upgrade it might be handy to also upgrade MS, allthough it should also woth with 4.33.3 Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From jwilliam at KCR.UKY.EDU Wed Sep 22 15:27:46 2004 From: jwilliam at KCR.UKY.EDU (John Williams) Date: Thu Jan 12 21:26:57 2006 Subject: RBL+ Message-ID: Just a FYI for those talking about the damm mortgage spam. 
I got a contract with mail-abuse.org to use their RBL+ lists.

In the past 30 hours or so:
RBL+ has caught 86 spams that SBL+XBL has not and SBL+XBL has caught 1217 that RBL+ has not.

The stuff that RBL+ has caught has been the mortgage stuff.

I modified the spam.lists.conf to:

# MAPS now charge for their services, so you'll have to buy a contract before
# attempting to use the next 3 lines.
MAPS-RBL blackholes.mail-abuse.org.
MAPS-DUL dialups.mail-abuse.org.
MAPS-RSS relays.mail-abuse.org.
# added for commercial spam list JPW
RBL+ rbl-plus.mail-abuse.org.
# This next line works for JANET UK Academic sites only
MAPS-RBL+ rbl-plus.mail-abuse.ja.net.

John

From mailscanner at barendse.to Wed Sep 22 15:46:25 2004
From: mailscanner at barendse.to (Remco Barendse)
Date: Thu Jan 12 21:26:57 2006
Subject: RPM-based install package for ClamAV and SpamAssassin 3
Message-ID:

On Wed, 22 Sep 2004, Martin Hepworth wrote:

> Remco
>
> could always install the things from CPAN..
>
> or would that break all the RM based stuff?
>
> also is it just me (!) or do a lot of people have problems with RPM
> installed perl modules, rather than hand/CPAN installed flavours?
>
> If this is the case then maybe we should be encouraging people to
> install any modules via CPAN rather than RPM????
>
> just a random post lunchtime thought...

:) somehow this perl dependency stuff reminds me of 'dll hell' from windows platform. There is always some other problem.

I gave up on the rpm install and tried the tarball install. Unfortunately this doesn't help.
The modules that will not install (and I forgot several in my earlier post) are still not updated and when trying to install by hand they complain about the same depencies :( I found the ISBN module, but that module on it's turn fails because of some depency problem :( My objection to CPAN is that it often likes to run away and starts to do a complete update of your perl installation. After that is finished you end up with 2 different versions of perl installed on the box which causes even more problems..... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Remco Barendse wrote: >> Now that MailScanner reports which modules are missing to get >> SpamAssassin 3 working I will have another go at having the rpm version >> installed. >> >> After installing several extra perl modules that were included with the >> distro I still have these open: >> >> >> Net::LDAP >> This module is not included in my distro, nor is it included in the >> install-CLAM-SA tarball. >> >> >> perl-Digest-MD5 >> Is not updated with the rpm from the package. Rebuilding the rpm and then >> trying to rpm -Uvh gives this error: >> file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Digest/MD5.pm >> from install of perl-Digest-MD5-2.33-1 conflicts with file from package >> perl-5.8.0-88.7 >> >> >> perl-Net-DNS-0.48-1 >> Is not updated with the rpm from the package. Rebuilding the rpm and then >> trying to rpm -Uvh gives this error: >> error: Failed dependencies: >> perl(Win32::Registry) is needed by perl-Net-DNS-0.48-1 >> >> >> missing SAVI >> This module is not included in my distro, nor is it included in the >> install-CLAM-SA tarball. >> >> >> perl-Sys-Hostname-Long >> Is not installed from the rpm in the tarball. 
Rebuilding the rpm >> and then trying to rpm -ivh gives this error: >> error: Failed dependencies: >> perl(Win32::TieRegistry) is needed by perl-Sys-Hostname-Long-1.2-1 >> >> >> All input is welcome :) >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From davidb at uniquephoto.com Wed Sep 22 15:48:44 2004 From: davidb at uniquephoto.com (David Ballengee) Date: Thu Jan 12 21:26:57 2006 Subject: getting this message Message-ID: When I run spamassassin -P -t -D Dns available (set dns_available to h ardcode) debug: is DNS available? 
1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=2.2
debug: spam corpus too small (8 < 200), skipping
debug: bayes: not scoring message, returning 0.5
debug: running raw-body-text per-line regexp tests; score so far=2.2
debug: running uri tests; score so far=2.2
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=2.2
debug: running in taint mode?
debug: Pyzor is not available: pyzor not found
debug: executable for dccproc was found at /usr/local/bin/dccproc
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: sendto(dcc.rhyolite.com (217.20.119.18,6277)): Connection refused; fatal error
debug: leaving helper-app run mode
debug: DCC -> check failed - no X-DCC returned (did you create a map file?): sendto(dcc.rhyolite.com (217.20.119.18,6277)): Connection refused; fatal error
debug: all '*From' addrs:
debug: all '*To' addrs:
debug: running meta tests; score so far=3.2
debug: auto-learn? safety=+/-4, body-hits=0, head-hits=3.2
debug: auto-learn? no: inside auto-learn thresholds or safety zone around required_hits
debug: is spam? score=3.2 required=11 tests=DATE_MISSING,FROM_NO_LOWER,MISSING_HEADERS,MSGID_HAS_NO_AT
X-Spam-Status: No, hits=3.2 required=11.0 tests=DATE_MISSING,FROM_NO_LOWER,MISSING_HEADERS,MSGID_HAS_NO_AT version=2.50-cvs
X-Spam-Level: ***

---- Start SpamAssassin results
3.20 points, 11 required;
* 1.0 -- 'From' has no lower-case characters
* 0.9 -- Missing Date: header
* 0.3 -- Message-Id has no @ sign
* 1.0 -- Missing To: header
---- End of SpamAssassin results
From martinh at SOLID-STATE-LOGIC.COM Wed Sep 22 15:51:26 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:57 2006 Subject: Whitelist from Mailwatch? Message-ID: Devon there's a separate project that deals with updating the config of MS from a web interface... http://lushsoft.dyndns.org/mailscanner-webmin -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devon Harding wrote: > I mean, there should be an option, like releasing quarantine, to > whitelist. Is this a feature that could be added? > > > On Tue, 21 Sep 2004 22:07:50 -0400, Ugo Bellavance wrote: > >> >>Devon Harding wrote: >> >>>Is this possible? to whitelist a message tagged as SPAM from mailwatch? >> >>What do you mean? >> >>You can whitelist the user from which mailwatch sends an e-mail (like >>www or apache) or 127.0.0.1 >> >> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From martinh at SOLID-STATE-LOGIC.COM Wed Sep 22 15:56:48 2004 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:26:57 2006 Subject: RPM-based install package for ClamAV and SpamAssassin 3 Message-ID: > > My objection to CPAN is that it often likes to run away and starts to do a > complete update of your perl installation. After that is finished you end > up with 2 different versions of perl installed on the box which causes > even more problems..... > This has been a problem for me in pre 5.6 versions of perl, but not since....maybe I'm just being lucky.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. 
********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ssilva at sgvwater.com Wed Sep 22 16:03:57 2004 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 12 21:26:57 2006 Subject: RBL+ Message-ID: John Williams wrote: > Just a FYI for those talking about the damm mortgage spam. > > I got a contract with mail-abuse.org to use their RBL+ lists. > > In the past 30 hours or so: > RBL+ has caught 86 spams that SBL+XBL has not and SBL+XBL has caught > 1217 that RBL+ has not. > > The stuff that RBL+ has caught has been the mortgage stuff. Is it worth the price for less than 1% more spams? Would SURBL have caught some of the 86 spams and done it for free? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dustin.baer at ihs.com Wed Sep 22 16:09:59 2004 From: dustin.baer at ihs.com (Dustin Baer) Date: Thu Jan 12 21:26:57 2006 Subject: OT: {Spam?} Re: Problems with F-Prot Message-ID: Alex, Just a suggestion...you might not want to check for spam for emails coming from your server, or at least emails coming from you, or going to MAILSCANNER@JISCMAIL.AC.UK: X-Erus-MailScanner-SpamCheck: spam, SpamAssassin (score=3.767, required 3, AWL 0.46, MSGID_FROM_MTA_SHORT 3.31) Dustin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ssilva at sgvwater.com Wed Sep 22 16:13:19 2004 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 12 21:26:57 2006 Subject: Debian MailScanner Package 4.33-2 Message-ID: damian wrote: > Hi, > > I tried to do an apt-get for the Debian Packages, but ti return me with > the following error. > > > debianmail:/etc/init.d# apt-get install mailscanner > Reading Package Lists... Done > Building Dependency Tree... Done > Suggested packages: > clamav f-prot-installer libnet-ldap-perl > The following NEW packages will be installed: > mailscanner > 0 upgraded, 1 newly installed, 0 to remove and 415 not upgraded. > 9 not fully installed or removed. did you do apt-get update first? Maybe you need some of the "415 not updated" to be updated. apt-get dist-upgrade maybe? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkehler at wrha.mb.ca Wed Sep 22 16:22:08 2004 From: mkehler at wrha.mb.ca (Matt Kehler) Date: Thu Jan 12 21:26:57 2006 Subject: upgrading to 4.33-3 and Mailwatch.. Message-ID: Thanks. Seems as though the conf_upgrade didn't copy the $MailWatchLogging over to the new .conf file. Works now, can't believe I missed that one! Matt >>> martinh@SOLID-STATE-LOGIC.COM 09/21/04 09:06AM >>> Matt you'll need to edit the /usr/lib/MailScanner/CustomConfigs.pm to add in the MailWatch.pm line and copy over the MailWatch.pm file as well from the old location.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt Kehler wrote: > I just upgraded from 4.24-5 to 4.33.3 (via rpm, which is how it was installed originally). I ran the conf_ugprade. 
I was previously running MailWatch 0.5.1. It seems as though the MS upgrade broke it. It appears that it is now called a bit differently. Does MailWatch.pm need to be moved to the /usr/lib/MailScanner/MailScanner/CustomFunctions directory? Should it still be called from MailScanner.conf somehow? ie, via Always Looked Up Last = &MailWatchLogging in MailScanner.conf ? Looks like this has been reworked but I didn't find anything in the archives. > > thx > Matt > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at elknet.net Wed Sep 22 16:32:30 2004 From: mailscanner at elknet.net (Alan) Date: Thu Jan 12 21:26:57 2006 Subject: SA 3 release and MailScanner Message-ID: On Wed, 22 Sep 2004 15:01:54 +0100, Julian Field wrote: >I am now running SpamAssassin 3.0.0 on my production servers, having just >upgraded from the last release candidate. Everything is working fine. 
>--

Julian, will you be updating your download file 'install-Clam-SA.tar.gz' from RC5 to final? Or should we use your file for RC5 and then do an update to final?

Thanks for making it easier for us!

-Alan

From jwilliam at KCR.UKY.EDU Wed Sep 22 16:34:38 2004
From: jwilliam at KCR.UKY.EDU (John Williams)
Date: Thu Jan 12 21:26:57 2006
Subject: RBL+
Message-ID:

At 11:03 AM 9/22/2004, you wrote:
>John Williams wrote:
>>Just a FYI for those talking about the damm mortgage spam.
>>
>>I got a contract with mail-abuse.org to use their RBL+ lists.
>>
>>In the past 30 hours or so:
>>RBL+ has caught 86 spams that SBL+XBL has not and SBL+XBL has caught
>>1217 that RBL+ has not.
>>
>>The stuff that RBL+ has caught has been the mortgage stuff.
>Is it worth the price for less than 1% more spams?
>Would SURBL have caught some of the 86 spams and done it for free?

I wasn't sure how many it would catch. But being a non-profit it was only $250 for a year. Perhaps SURBL would have done the same thing. Just posting what I've seen with the non-free version.

John
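How spam.lists.conf entries like the ones quoted in this thread turn into DNS lookups, and how "caught by one list but not the other" counts are tallied, is sketched below. This is an added example, not MailScanner's own code: the parser assumes the "name zone." layout shown in the thread, the lookup follows the usual DNSBL convention (reversed IPv4 octets prepended to the zone, a 127.x.x.x answer meaning listed), and the per-message results and helper names are constructed.

```python
import ipaddress
import socket

# Entries in the layout shown in the thread; '#' starts a comment.
SPAM_LISTS_CONF = """\
# added for commercial spam list
RBL+            rbl-plus.mail-abuse.org.
# This next line works for JANET UK Academic sites only
MAPS-RBL+       rbl-plus.mail-abuse.ja.net.
"""


def parse_spam_lists(text):
    """Return {list name: DNS zone with trailing dot} from spam.lists.conf text."""
    lists = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<name> <zone>', got {raw!r}")
        name, zone = parts
        lists[name] = zone if zone.endswith(".") else zone + "."
    return lists


def dnsbl_query_name(ip, zone):
    """Build the name to look up: octets of the IPv4 address reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, zone, resolver=socket.gethostbyname):
    """True when the zone answers with a 127.x.x.x address for this IP."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # No such name, or the lookup failed: treated as "not listed" here,
        # so a DNS outage lets mail through rather than blocking it.
        return False
    return answer.startswith("127.")


def unique_catches(results, list_a, list_b):
    """results: {message id: set of list names that hit}. Return (only_a, only_b, both)."""
    only_a = sum(1 for hits in results.values() if list_a in hits and list_b not in hits)
    only_b = sum(1 for hits in results.values() if list_b in hits and list_a not in hits)
    both = sum(1 for hits in results.values() if list_a in hits and list_b in hits)
    return only_a, only_b, both


if __name__ == "__main__":
    zones = parse_spam_lists(SPAM_LISTS_CONF)
    print(dnsbl_query_name("192.0.2.99", zones["RBL+"]))
    # Constructed per-message results, keyed by a made-up message id.
    sample = {"m1": {"RBL+"}, "m2": {"SBL+XBL"}, "m3": {"RBL+", "SBL+XBL"}, "m4": set()}
    print(unique_catches(sample, "RBL+", "SBL+XBL"))
```
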
From mailscanner at ecs.soton.ac.uk Wed Sep 22 16:40:54 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:57 2006
Subject: Problems with F-Prot
Message-ID:

At 15:45 22/09/2004, you wrote:
>Hi
>
>I have the latest debian packages for mailscanner and F-prot and I'm seeing
>this error in my syslog:
>
>Sep 22 15:04:09 server01 MailScanner[26556]: Error on reading
>./1CA7hx-00074h-28.header
>Sep 22 15:04:09 server01 MailScanner[26556]: Either you've found a bug in
>MailScanner's F-Prot output parser, or F-Prot's output format has changed!
>F-Prot said this "Error on reading ./1CA7hx-00074h-28.header". Please mail
>the author of MailScanner

The normal reason for this is people running Debian-stable, as the version of MailScanner they ship with that is totally ancient. What version of F-Prot are you using?

I think in this case you have a permissions problem. The user you are running MailScanner as, doesn't have the ability to access (or possibly even write) to the /var/spool/MailScanner/incoming directory. Hence the "Error on reading ..." errors.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
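One way to test the permissions diagnosis above is to walk the path to the incoming work directory and report the first component that denies the account in question. This is an added example, not part of MailScanner or of the original message: the uid/gid numbers, the directory tree and the first_blocker helper are constructed, and root, ACLs and other access-control layers are not modelled.

```python
import os
from collections import namedtuple

# Stand-in for os.stat() results so the example runs without a real spool.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")


def class_bits(st, uid, gids):
    """Return the subset of 'rwx' that applies to uid/gids for this file.

    The kernel picks exactly one permission class: owner if the uid matches,
    otherwise group if any gid matches, otherwise other.
    """
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (st.st_mode >> shift) & 0o7
    return "".join(ch for ch, mask in (("r", 4), ("w", 2), ("x", 1)) if bits & mask)


def first_blocker(path, uid, gids, need="rwx", stat_fn=os.stat):
    """Return (component, missing bits) for the first denial, or None.

    Every directory on the way needs search (x) permission; the target itself
    needs whatever is passed in `need`.
    """
    chain, current = ["/"], "/"
    for part in (p for p in path.split("/") if p):
        current = current.rstrip("/") + "/" + part
        chain.append(current)
    for index, component in enumerate(chain):
        required = need if index == len(chain) - 1 else "x"
        have = class_bits(stat_fn(component), uid, gids)
        missing = "".join(c for c in required if c not in have)
        if missing:
            return component, missing
    return None


# Constructed tree: uid/gid 101 stands for the "Run As User"/"Run As Group"
# account, uid 200 for a second account in that group, uid 300 for an outsider.
TREE = {
    "/": FakeStat(0o40755, 0, 0),
    "/var": FakeStat(0o40755, 0, 0),
    "/var/spool": FakeStat(0o40755, 0, 0),
    "/var/spool/MailScanner": FakeStat(0o40750, 101, 101),
    "/var/spool/MailScanner/incoming": FakeStat(0o40770, 101, 101),
    "/var/spool/MailScanner/incoming/27968": FakeStat(0o40700, 101, 101),
}

if __name__ == "__main__":
    target = "/var/spool/MailScanner/incoming/27968"
    for label, uid, gids in (("run-as", 101, {101}), ("in-group", 200, {101}),
                             ("outsider", 300, {300})):
        print(label, first_blocker(target, uid, gids, need="rx", stat_fn=TREE.__getitem__))
```

On a live system, leave stat_fn at its default and pass the uid and group ids of the account named in "Run As User" (for instance from the pwd and grp modules).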
From mailscanner at ecs.soton.ac.uk Wed Sep 22 16:43:58 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: SA 3 release and MailScanner Message-ID: At 16:32 22/09/2004, you wrote: >On Wed, 22 Sep 2004 15:01:54 +0100, Julian Field > wrote: > > >I am now running SpamAssassin 3.0.0 on my production servers, having just > >upgraded from the last release candidate. Everything is working fine. > >-- > >Julian, will you be updating your download file 'install-Clam-SA.tar.gz' >from RC5 to final? Or should we use your file for RC5 and then do an update >to final? Give me a few minutes... -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Wed Sep 22 17:02:45 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:57 2006 Subject: SA 3 release and MailScanner Message-ID: At 16:43 22/09/2004, you wrote: >At 16:32 22/09/2004, you wrote: >>On Wed, 22 Sep 2004 15:01:54 +0100, Julian Field >> wrote: >> >> >I am now running SpamAssassin 3.0.0 on my production servers, having just >> >upgraded from the last release candidate. Everything is working fine. >> >-- >> >>Julian, will you be updating your download file 'install-Clam-SA.tar.gz' >>from RC5 to final? Or should we use your file for RC5 and then do an update >>to final? > >Give me a few minutes... It is there now. 
Please try it and let me know if it works for you or not (and whether you are using the INSTALL-rpm.sh or INSTALL-tar.sh). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From torontodss at hotmail.com Wed Sep 22 17:10:29 2004 From: torontodss at hotmail.com (Dave) Date: Thu Jan 12 21:26:57 2006 Subject: What is going on? Totally bizzare Message-ID: I'm in the process of setting up a box with MS. I think I have everything set correctly and it's filtering emails, BUT it seems to work 100% when I'm in debug mode!! The system is a 700Mhz with almost 400 megs memory. I am currently testing it with fetchmail.(Long story), but it works fine. So when I run MS with debug set to YES(also SA debug on), the system load is under 2(using uptime/top), I placed 150 spam messages into the pop account I'm fetching mail from.(I have a pop account with over 1000 spam emails). MS starts to process the messages about 30 at a time, I keep reloading the MS service and it continues to process the emails. All is well... So I figure everything is working fine, turn off the debug and reload MS. NOW the load on the system is up to 5+ nothing in the logs to show it's processing anything. And if something does show up on the logs, it's timeout messages either from SA or RBL's Am I doing something stupid? OR am I missing something here? 
From alex at ERUS.CO.UK Wed Sep 22 17:30:44 2004
From: alex at ERUS.CO.UK (Alex Pimperton)
Date: Thu Jan 12 21:26:57 2006
Subject: Problems with F-Prot
Message-ID:

>Sep 22 15:04:09 server01 MailScanner[26556]: Either you've found a bug
>in MailScanner's F-Prot output parser, or F-Prot's output format has changed!
>F-Prot said this "Error on reading ./1CA7hx-00074h-28.header". Please
>mail the author of MailScanner

>The normal reason for this is people running Debian-stable, as the version
>of MailScanner they ship with that is totally ancient. What version of F-Prot
>are you using?

I'm using version 4.4.4 installed with the f-prot-install 0.5.11.

>I think in this case you have a permissions problem. The user you are
>running MailScanner as, doesn't have the ability to access (or possibly
>even write) to the /var/spool/MailScanner/incoming directory. Hence the
>"Error on reading ..." errors.

I thought that but the permissions look ok to my untrained eye.

Snip of MailScanner.conf:

# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User = Debian-exim

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group = Debian-exim

And output of ls -l on /var/spool/MailScanner:

server01:/var/spool/MailScanner# ls -l
total 12
drwxr-x--- 2 Debian-exim Debian-exim 4096 Sep 10 17:56 archive
drwxrwx--- 5 Debian-exim Debian-exim 4096 Sep 22 16:00 incoming
drwxr-x--- 4 Debian-exim Debian-exim 4096 Sep 22 06:01 quarantine

...and /var/spool/MailScanner/incoming

server01:/var/spool/MailScanner/incoming# ls -l
total 12
drwx------ 2 Debian-exim Debian-exim 4096 Sep 22 16:58 27968
drwx------ 2 Debian-exim Debian-exim 4096 Sep 21 20:54 8961
drwx------ 2 Debian-exim Debian-exim 4096 Sep 21 21:04 9038

Sorry for the mass of text but I didn't want to overlook something blindingly obvious.

Regards

Alex

From michele at BLACKNIGHTSOLUTIONS.COM Wed Sep 22 17:31:56 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:57 2006
Subject: What is going on? Totally bizzare
Message-ID:

> I'm in the process of setting up a box with MS. I think I
> have everything set correctly and it's filtering emails, BUT
> it seems to work 100% when I'm in debug mode!!
>
> The system is a 700Mhz with almost 400 megs memory.
> I am currently testing it with fetchmail.(Long story), but it works
> fine.
>
> So when I run MS with debug set to YES(also SA debug on), the
> system load is under 2(using uptime/top), I placed 150 spam
> messages into the pop account I'm fetching mail from.(I have
> a pop account with over 1000 spam emails).
> MS starts to
> process the messages about 30 at a time, I keep reloading the
> MS service and it continues to process the emails. All is well...
>
> So I figure everything is working fine, turn off the debug
> and reload MS.
> NOW the load on the system is up to 5+
> nothing in the logs to show it's processing anything.
> And if something does show up on the logs, it's timeout
> messages either from SA or RBL's
>
> Am I doing something stupid? OR am I missing something here?

What are you getting in your mail logs when you turn off debugging?

From alex at ERUS.CO.UK Wed Sep 22 17:32:58 2004
From: alex at ERUS.CO.UK (Alex Pimperton)
Date: Thu Jan 12 21:26:58 2006
Subject: Debian MailScanner Package 4.33-2
Message-ID:

damian wrote:

> Hi,
>
> I tried to do an apt-get for the Debian Packages, but it return me with
> the following error.
>
>
> debianmail:/etc/init.d# apt-get install mailscanner
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Suggested packages:
> clamav f-prot-installer libnet-ldap-perl
> The following NEW packages will be installed:
> mailscanner
> 0 upgraded, 1 newly installed, 0 to remove and 415 not upgraded.
> 9 not fully installed or removed.

>did you do apt-get update first?
>Maybe you need some of the "415 not updated" to be updated.
>apt-get dist-upgrade maybe?

I've installed the new Debian package recently and have had a few problems but the install wasn't one of them. Damian is probably right, you probably need one of the packages you haven't updated.
Try an apt-get update followed by apt-get upgrade (not dist-upgrade unless you want to move up a distro)

Also, unless you're on dialup I'd run apt-get clean to purge the downloaded package, and then re-download it, in case the package has been corrupted in any way.

Alex

From combs at magnet.fsu.edu Wed Sep 22 18:14:53 2004
From: combs at magnet.fsu.edu (Tom Combs)
Date: Thu Jan 12 21:26:58 2006
Subject: MCP hit change subject?
Message-ID:

Hello,

I'd like to modify the subject line for email that triggers a MCP rule. Spam triggered email has the option to do this but I don't see anything similar for the MCP configuration. Can this be done, and if so, how?

Thanks,
Tom
--
Tom Combs                                  E-mail: combs@magnet.fsu.edu
National High Magnetic Field Laboratory    Phone: (850) 644-1657
1800 E. Paul Dirac Drive
Tallahassee, FL 32310

From raymond at PROLOCATION.NET Wed Sep 22 18:44:00 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:58 2006
Subject: RBL+
Message-ID:

Hi!
>> RBL+ has caught 86 spams that SBL+XBL has not and SBL+XBL has caught
>> 1217 that RBL+ has not.
>> The stuff that RBL+ has caught has been the mortgage stuff.

> Is it worth the price for less than 1% more spams?
> Would SURBL have caught some of the 86 spams and done it for free?

We dropped RBL+ some time ago, I personally feel there are better alternatives around currently.

Bye,
Raymond.

From raymond at PROLOCATION.NET Wed Sep 22 18:56:01 2004
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:26:58 2006
Subject: OT: Re: Problems with F-Prot
Message-ID:

Hi!

> Just a suggestion...you might not want to check for spam for emails
> coming from your server, or at least emails coming from you, or going to
> MAILSCANNER@JISCMAIL.AC.UK:
>
> X-Erus-MailScanner-SpamCheck: spam, SpamAssassin (score=3.767, required
> 3, AWL 0.46, MSGID_FROM_MTA_SHORT 3.31)

And a spam score of 3 I also think is uh, let's say, not normal ;) Would rather put the threshold at 5 or something.

Bye,
Raymond.

From marco at MUW.EDU Wed Sep 22 19:04:12 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

Hi,

Quoting Julian Field :

> It is there now. Please try it and let me know if it works for you or not
> (and whether you are using the INSTALL-rpm.sh or INSTALL-tar.sh).
I am a little confused about the new SA changes :(

I ran the INSTALL-rpm.sh and I saw some errors that I could ignore according to the output. For example:

Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are already installed on your system.
Ignore errors from the perl-Digest and perl-Digest-MD5 packages.
Test-Harness is probably okay to ignore too.
error: Failed dependencies:
perl(Digest::HMAC_MD5) is needed by perl-Net-DNS-0.48-1
perl(Win32::Registry) is needed by perl-Net-DNS-0.48-1
Suggested resolutions:
perl-Digest-HMAC-1.01-11.1.noarch.rpm

Can we still use RulesDuJour with SA 3? What about SpamCopURI?

Also, SA 3 complained about the bayes files from the 2.64 version.

I ran spamassassin -D --lint and had some errors:

debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
debug: bayes: found bayes db version 2
bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/BayesStore/DBM.pm line 160.
debug: running uri tests; score so far=-2.623
Failed to compile URI SpamAssassin tests, skipping:
(syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule OB_URI_RBL, line 1, near "eval:"
syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule WS_URI_RBL, line 1, near "eval:"
syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule WS_URI_RBL, line 11, near "} }"
)

I also noticed that local.cf is now under /usr/etc/mail/spamassassin instead of /etc/mail/spamassassin. It confused SA 3 so I removed (after backup) /etc/mail/spamassassin and the lint is fine now. Is that okay?

Thanks for any responses !!!

Marco

From torontodss at HOTMAIL.COM Wed Sep 22 19:05:11 2004
From: torontodss at HOTMAIL.COM (Dave)
Date: Thu Jan 12 21:26:58 2006
Subject: What is going on? Totally bizzare
Message-ID:

Ok here ya go, I placed another 2 emails in the pop so I could grab a fresh mail log. Hope this is enough, and just to let you know. Almost 1 hr after I sent those 2 messages, I have yet to see anything in the inbox.(Load btw is at 3 right now)

Sep 22 13:13:56 gateway fetchmail[3923]: 2 messages for spammenow1@rogers.com at pop1.rog.mail.vip.re2.yahoo.com (54513 octets).
Sep 22 13:13:56 gateway fetchmail[3923]: reading message spammenow1@rogers.com@pop1.rog.mail.vip.re2.yahoo.com:1 of 2 (47034 octets)
Sep 22 13:14:04 gateway postfix/smtpd[8253]: connect from localhost.localdomain[127.0.0.1]
Sep 22 13:14:06 gateway postfix/smtpd[8253]: 5997C20310: client=localhost.localdomain[127.0.0.1]
Sep 22 13:14:07 gateway postfix/cleanup[8257]: 5997C20310: message-id=<20040213175335.21997.qmail@nl-web4.internet.com>
Sep 22 13:14:07 gateway fetchmail[3923]: flushed
Sep 22 13:14:07 gateway fetchmail[3923]: reading message spammenow1@rogers.com@pop1.rog.mail.vip.re2.yahoo.com:2 of 2 (7479 octets)
Sep 22 13:14:07 gateway postfix/smtpd[8253]: 8912320311: client=localhost.localdomain[127.0.0.1]
Sep 22 13:14:07 gateway postfix/cleanup[8257]: 8912320311: message-id=<200402130702.XAA32921@f.ss01.net>
Sep 22 13:14:07 gateway fetchmail[3923]: flushed
Sep 22 13:14:07 gateway postfix/smtpd[8253]: disconnect from localhost.localdomain[127.0.0.1]
Sep 22 13:14:07 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:14:07 PM EDT
Sep 22 13:14:11 gateway postfix/nqmgr[8175]: 8912320311: from=, size=7774, nrcpt=1 (queue active)
Sep 22 13:14:12 gateway postfix/nqmgr[8175]: 8912320311: to=, relay=none, delay=4, status=deferred (deferred transport)
Sep 22 13:14:14 gateway postfix/nqmgr[8175]: 5997C20310: from=, size=47436, nrcpt=1 (queue active)
Sep 22 13:14:16 gateway postfix/nqmgr[8175]: 5997C20310: to=, relay=none, delay=8, status=deferred (deferred transport)

*** At this point the load is at about 5.5(uptime)

Sep 22 13:18:21 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:18:21 PM EDT
Sep 22 13:19:21 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:19:21 PM EDT
Sep 22 13:19:57 gateway MailScanner[8252]: Using locktype = flock
Sep 22 13:20:02 gateway MailScanner[8252]: New Batch: Scanning 4 messages, 66809 bytes
Sep 22 13:22:27 gateway ipop3d[8355]: pop3 service init from 192.168.1.118
Sep 22 13:22:28 gateway ipop3d[8355]: Auth user=spammenow host=[192.168.1.118] nmsgs=0/0
Sep 22 13:22:28 gateway ipop3d[8355]: Logout user=spammenow host=[192.168.1.118] nmsgs=0 ndele=0
Sep 22 13:22:33 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:22:33 PM EDT
Sep 22 13:23:10 gateway MailScanner[8252]: SpamAssassin timed out and was killed, failure 1 of 20
Sep 22 13:23:33 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:23:33 PM EDT
Sep 22 13:26:16 gateway MailScanner[8252]: SpamAssassin timed out and was killed, failure 2 of 20
Sep 22 13:26:47 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:26:47 PM EDT
Sep 22 13:27:48 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:27:48 PM EDT
Sep 22 13:29:21 gateway MailScanner[8252]: SpamAssassin timed out and was killed, failure 3 of 20
Sep 22 13:29:33 gateway postfix/nqmgr[8228]: DAF0A20314: from=<>, size=1220, nrcpt=1 (queue active)
Sep 22 13:29:35 gateway postfix/nqmgr[8228]: 2CFE4202DF: from=<>, size=1220, nrcpt=1 (queue active)
Sep 22 13:31:02 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:31:02 PM EDT
Sep 22 13:32:02 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:32:02 PM EDT
Sep 22 13:32:26 gateway ipop3d[8413]: pop3 service init from 192.168.1.118
Sep 22 13:32:27 gateway ipop3d[8413]: Auth user=spammenow host=[192.168.1.118] nmsgs=0/0
Sep 22 13:32:27 gateway ipop3d[8413]: Logout user=spammenow host=[192.168.1.118] nmsgs=0 ndele=0
Sep 22 13:32:32 gateway MailScanner[8252]: SpamAssassin timed out and was killed, failure 4 of 20
Sep 22 13:32:44 gateway postfix/smtp[8389]: connect to s0.tekmailer.com[69.6.7.177]: Connection timed out (port 25)
Sep 22 13:32:44 gateway postfix/smtp[8388]: connect to s0.tekmailer.com[69.6.7.177]: Connection timed out (port 25)
Sep 22 13:32:44 gateway postfix/smtp[8389]: 2CFE4202DF: to=, relay=none, delay=9229, status=deferred (connect to s0.tekmailer.com[69.6.7.177]: Connection timed out)
Sep 22 13:32:44 gateway postfix/smtp[8388]: DAF0A20314: to=, relay=none, delay=9229, status=deferred (connect to s0.tekmailer.com[69.6.7.177]: Connection timed out)
Sep 22 13:32:55 gateway MailScanner[8252]: Virus and Content Scanning: Starting
Sep 22 13:32:55 gateway MailScanner[8252]: Virus and Content Scanning: Starting
Sep 22 13:35:15 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:35:15 PM EDT
Sep 22 13:36:15 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:36:15 PM EDT
Sep 22 13:37:58 gateway MailScanner[8252]: Commercial scanner clamavmodule timed out!
Sep 22 13:37:58 gateway MailScanner[8252]: Virus Scanning: Denial Of Service attack detected!
Sep 22 13:38:23 gateway MailScanner[8250]: Using locktype = flock
Sep 22 13:39:29 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:39:29 PM EDT
Sep 22 13:40:29 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:40:29 PM EDT
Sep 22 13:42:28 gateway ipop3d[8471]: pop3 service init from 192.168.1.118
Sep 22 13:42:28 gateway ipop3d[8471]: Auth user=spammenow host=[192.168.1.118] nmsgs=0/0
Sep 22 13:42:28 gateway ipop3d[8471]: Logout user=spammenow host=[192.168.1.118] nmsgs=0 ndele=0
Sep 22 13:43:02 gateway MailScanner[8252]: Commercial scanner clamavmodule timed out!
Sep 22 13:43:03 gateway MailScanner[8252]: Virus Scanning: Denial Of Service attack is in message 5997C20310
Sep 22 13:43:42 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:43:42 PM EDT
Sep 22 13:44:14 gateway MailScanner[8249]: Using locktype = flock
Sep 22 13:44:42 gateway fetchmail[3923]: awakened at Wed 22 Sep 2004 01:44:42 PM EDT
Sep 22 13:46:07 gateway postfix/nqmgr[8175]: 8912320311: skipped, still being delivered
Sep 22 13:46:07 gateway postfix/nqmgr[8175]: 5997C20310: skipped, still being delivered
Sep 22 13:47:48 gateway postfix/nqmgr[8175]: 8912320311: skipped, still being delivered
Sep 22 13:47:48 gateway postfix/nqmgr[8175]: 5997C20310: skipped, still being delivered
Sep 22 13:47:54 gateway fetchmail[3923]: 1 message for spammenow1@rogers.com at pop1.rog.mail.vip.re2.yahoo.com (1846 octets).
Sep 22 13:47:54 gateway fetchmail[3923]: reading message spammenow1@rogers.com@pop1.rog.mail.vip.re2.yahoo.com:1 of 1 (1846 octets)
Sep 22 13:47:55 gateway postfix/smtpd[8500]: connect from localhost.localdomain[127.0.0.1]
Sep 22 13:47:56 gateway postfix/smtpd[8500]: 385DA20312: client=localhost.localdomain[127.0.0.1]
Sep 22 13:47:56 gateway postfix/cleanup[8501]: 385DA20312: message-id=<20040922174756.385DA20312@mail.taate.ca>
Sep 22 13:47:56 gateway fetchmail[3923]: flushed
Sep 22 13:47:56 gateway fetchmail[3923]: sleeping at Wed 22 Sep 2004 01:47:56 PM EDT
Sep 22 13:47:56 gateway postfix/smtpd[8500]: disconnect from localhost.localdomain[127.0.0.1]
Sep 22 13:47:56 gateway postfix/nqmgr[8175]: 385DA20312: from=, size=2233, nrcpt=1 (queue active)
Sep 22 13:47:56 gateway postfix/nqmgr[8175]: 385DA20312: to=, relay=none, delay=0, status=deferred (deferred transport)
Sep 22 13:48:06 gateway MailScanner[8250]: New Batch: Found 3 messages waiting

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon:: Blacknight Solutions
Sent: Wednesday, September 22, 2004 12:32 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: What is going on? Totally bizzare

> I'm in the process of setting up a box with MS. I think I have
> everything set correctly and it's filtering emails, BUT it seems to
> work 100% when I'm in debug mode!!
>
> The system is a 700Mhz with almost 400 megs memory.
> I am currently testing it with fetchmail.(Long story), but it works
> fine.
>
> So when I run MS with debug set to YES(also SA debug on), the system
> load is under 2(using uptime/top), I placed 150 spam messages into the
> pop account I'm fetching mail from.(I have a pop account with over
> 1000 spam emails). MS starts to process the messages about 30 at a
> time, I keep reloading the MS service and it continues to process the
> emails. All is well...
>
> So I figure everything is working fine, turn off the debug and reload
> MS. NOW the load on the system is up to 5+
> nothing in the logs to show it's processing anything.
> And if something does show up on the logs, it's timeout
> messages either from SA or RBL's
>
> Am I doing something stupid? OR am I missing something here?

What are you getting in your mail logs when you turn off debugging?

From penguin at DHCP.NET Wed Sep 22 19:14:57 2004
From: penguin at DHCP.NET (A. Eijkhoudt)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

> Hi,

Howdi,

> I ran spamassassin -D --lint and had some errors:
>
> debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
> debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
> debug: bayes: found bayes db version 2
> bayes: bayes db version 2 is not able to be used, aborting! at

Make sure you do a Bayes rebuild when you're done upgrading SpamAssassin. You can do this by running an 'sa-learn --sync' ('sa-learn --rebuild' still works, but is only in there for backwards compatibility and will be phased out).

> I also noticed that local.cf is now under
> /usr/etc/mail/spamassassin instead of
> /etc/mail/spamassassin. It confused SA 3 so I removed (after backup)
> /etc/mail/spamassassin and the lint is fine now. Is that okay?

That's fine, as long as it works. It's probably a mistake on the part of the installer using PREFIX=/usr and not using SYSCONFDIR=/etc/mail/spamassassin.

I've got SA3 running fine and dandy with MailScanner 4.33's stable release.

Regards,

A. Eijkhoudt

From greg at BLASTZONE.COM Wed Sep 22 19:33:31 2004
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

This is a current issue being discussed on the spamassassin list, and something I'm suffering from. They seem to think the problem is a lack of the db_file perl module.
Unfortunately, myself and others are having problems getting that to install with cpan.

HOWEVER, I just ran the --sync with sa-learn and it fixed me right up.

Thanks!

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of A. Eijkhoudt
> Sent: Wednesday, September 22, 2004 11:15 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SA 3 release and MailScanner
>
>
> > Hi,
>
> Howdi,
>
> > I ran spamassassin -D --lint and had some errors:
> >
> > debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
> > debug: bayes: 23742 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
> > debug: bayes: found bayes db version 2
> > bayes: bayes db version 2 is not able to be used, aborting! at
>
> Make sure you do a Bayes rebuild when you're done upgrading
> SpamAssassin. You can do this by running an 'sa-learn --sync'
> ('sa-learn --rebuild' still works, but is only in there for
> backwards compatibility and will be phased out).
>
> > I also noticed that local.cf is now under /usr/etc/mail/spamassassin
> > instead of /etc/mail/spamassassin. It confused SA 3 so I removed
> > (after backup) /etc/mail/spamassassin and the lint is fine now. Is
> > that okay?
>
> That's fine, as long as it works. It's probably a mistake on
> the part of the installer using PREFIX=/usr and not using
> SYSCONFDIR=/etc/mail/spamassassin.
>
> I've got SA3 running fine and dandy with MailScanner 4.33's
> stable release.
>
> Regards,
>
> A. Eijkhoudt

From marco at MUW.EDU Wed Sep 22 19:43:29 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

Quoting "A. Eijkhoudt" :

> I've got SA3 running fine and dandy with MailScanner 4.33's stable
> release.

Thank you for the rebuild tip. My servers are up-to-date running latest SA and MS and happy now ;)

I used Julian's package and it did create /usr/etc/mail/spamassassin

I am not sure if it is Julian's script or SA 3 package that creates things under /usr. I removed the above folder (after copying its content onto /etc/mail/spamassassin) and the SA lint is happy now.

Thanks,

Marco

From mailscanner at ELKNET.NET Wed Sep 22 19:58:57 2004
From: mailscanner at ELKNET.NET (Alan)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

On Wed, 22 Sep 2004 17:02:45 +0100, Julian Field wrote:

>It is there now. Please try it and let me know if it works for you or not
>(and whether you are using the INSTALL-rpm.sh or INSTALL-tar.sh).
>--
>Julian Field

Julian,
I just downloaded your gz file, and when I examined its contents, in the rpm directory, I see 'perl-Mail-SpamAssassin-3.0.0-rc5.1.src.rpm'.
Just a sanity check, but this looks to me like it's still the RC5 version of SA.

The tar directory is also named in this manner.

-Alan

From marco at MUW.EDU Wed Sep 22 20:44:21 2004
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

Hi,

Quoting Alan :

> I just downloaded your gz file, and when I examined its contents, in the rpm
> directory, I see 'perl-Mail-SpamAssassin-3.0.0-rc5.1.src.rpm'. Just a sanity
> check, but this looks to me like it's still the RC5 version of SA.

I downloaded the same package and the content is correct. Here is the content:

perl-Mail-SpamAssassin-3.0.0-1.src.rpm (in perl-rpm)
Mail-SpamAssassin-3.0.0.tar.gz (in perl-tar)

I wonder if your browser has the older package cached somewhere. (Or, your proxy is caching the older package ... Just guessing!)

Marco

From mailscanner at ecs.soton.ac.uk Wed Sep 22 20:56:45 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:58 2006
Subject: What is going on? Totally bizzare
Message-ID:

At 17:10 22/09/2004, you wrote:
>I'm in the process of setting up a box with MS. I think I have everything
>set correctly and it's filtering emails,
>BUT it seems to work 100% when I'm in debug mode!!
>
>The system is a 700Mhz with almost 400 megs memory.
>I am currently testing it with fetchmail.(Long story), but it works fine.
>
>So when I run MS with debug set to YES(also SA debug on), the system load is
>under 2(using uptime/top),
>I placed 150 spam messages into the pop account I'm fetching mail from.(I
>have a pop account with over 1000 spam
>emails). MS starts to process the messages about 30 at a time, I keep
>reloading the MS service and it continues
>to process the emails. All is well...
>
>So I figure everything is working fine, turn off the debug and reload MS.
>NOW the load on the system is up to 5+
>nothing in the logs to show it's processing anything.
>And if something does show up on the logs, it's timeout messages either from
>SA or RBL's

Make sure you have Log Spam = yes so you can see it studying the messages.

A load of over 5 is quite normal, that's nothing to worry about.

How many child processes are you running? They will be about 40 - 50Mb each, so with 400Mb of RAM then don't run too many children or it will start swapping. What does top say? What does vmstat say?
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ecs.soton.ac.uk Wed Sep 22 21:11:10 2004
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3 release and MailScanner
Message-ID:

At 19:58 22/09/2004, you wrote:
>On Wed, 22 Sep 2004 17:02:45 +0100, Julian Field
> wrote:
>
> >It is there now.
> >Please try it and let me know if it works for you or not
> >(and whether you are using the INSTALL-rpm.sh or INSTALL-tar.sh).
> >--
> >Julian Field
>
>Julian,
>I just downloaded your gz file, and when I examined its contents, in the rpm
>directory, I see 'perl-Mail-SpamAssassin-3.0.0-rc5.1.src.rpm'. Just a sanity
>check, but this looks to me like it's still the RC5 version of SA.
>
>The tar directory is also named in this manner.

The file install-Clam-SA.tar.gz as linked from the downloads page definitely has 3.0.0 in it, I've just checked. Be sure you are downloading the right thing and no caches/proxies in the way are causing you trouble.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Steve.Swaney at FSL.COM Wed Sep 22 21:26:05 2004
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:26:58 2006
Subject: Spam.assassin.prefs.conf file available
Message-ID:

To coincide with the release of SpamAssassin 3.0 we've added to our support website:

www.fsl.com/support

1. A new expanded spam.assassin.prefs.conf file for 3.0.
2. A new script to update the /etc/cron.daily/rules_du_jour script after it's updated itself.
3. And for those who might damage their bayes database during the upgrade, the 2.64 versions of our bayes database for Linux and FreeBSD are still available on our website. They can be easily upgraded to work with SA 3.0.

Any suggestions for improving these files are welcome. Please just drop me a line off list.
Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From kevin at KEVINSPICER.CO.UK Wed Sep 22 21:41:48 2004 From: kevin at KEVINSPICER.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:26:58 2006 Subject: MailScanner-MRTG, another unstable release Message-ID:
Well, the unstable release of 0.09.02 managed to live up to its name (thanks to all those who beta tested it). 0.09.03 is now available to download from http://mailscannermrtg.sourceforge.net

This release fixes a number of bugs present in 0.09.02, including one bug which can cause the timeout code in 0.09.02 to fail, resulting in serious performance degradation on systems where the timeout should be triggered. As such this upgrade is strongly recommended to anyone running a 0.09.00 or 0.09.02 release.

As ever all feedback appreciated via the forums on the sourceforge site.

Kevin

From alex at ERUS.CO.UK Wed Sep 22 22:15:32 2004 From: alex at ERUS.CO.UK (Alex Pimperton) Date: Thu Jan 12 21:26:58 2006 Subject: OT: Re: Problems with F-Prot Message-ID:
Not normal but one that works for me....
All my mailing list traffic is either whitelisted or filtered first and the ham:spam ratio on the rest is running at 40:60 ish at the moment, so 3 is my way of making a stand :) All the spam is tagged only, so I can check for false positives and there are surprisingly few.

Also, normally emails from myself are whitelisted, but with the upgrade problems I've been having, I didn't get round to putting the whitelist back. There's always something you forget to do....

Regards
Alex

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
Sent: 22 September 2004 18:56
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: OT: Re: Problems with F-Prot

Hi!

> Just a suggestion...you might not want to check for spam for emails
> coming from your server, or at least emails coming from you, or going to
> MAILSCANNER@JISCMAIL.AC.UK:
>
> X-Erus-MailScanner-SpamCheck: spam, SpamAssassin (score=3.767, required
> 3, AWL 0.46, MSGID_FROM_MTA_SHORT 3.31)

And a spam score of 3 I also think is uh, let's say, not normal ;) Would rather put the threshold at 5 or something.

Bye,
Raymond.
From mbrodeur+mailscanner at NEXTTIME.COM Wed Sep 22 22:38:53 2004 From: mbrodeur+mailscanner at NEXTTIME.COM (Matt Brodeur) Date: Thu Jan 12 21:26:58 2006 Subject: Skipping filename checks inside zip files Message-ID:
I'm new to both MailScanner and this list, so if there's an obvious answer somewhere feel free to smack me with a clue by four. Google hasn't been much help on this.

What I'd like is to skip file name/type checks within zip files, while still checking the contents for known viruses. Unzipped files should still be subject to all checks. I don't see a way to selectively ignore zip contents, as the only option appears to be disabling archive checking entirely.

The point (in case there's a better approach) is that we have users trained to zip files to get them through the virus scanners. This was fine with our old system which didn't even open archives. Now we're using MailScanner and it dutifully digs in, finds and blocks every valid .exe, .chm, .avi, etc that our engineers pass around. It's also finding all the zipped viruses we get, so at least it's working.

Is there a way to deal with this other than disabling archive checks, disabling file name/type checks, manually whitelisting file senders, or requiring users to encrypt their zips? Obviously none of these are optimal, or I wouldn't be asking the question.

--
Matt Brodeur RHCE
MBrodeur@NextTime.com
http://www.NextTime.com
I don't suffer from insanity. I enjoy every minute of it.

From diego.fabara at ALEGROPCS.COM Wed Sep 22 22:41:34 2004 From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:26:58 2006 Subject: blacklist for subject Message-ID:
How stop mail with Subject: "re[9]:" for example ??

From greg at BLASTZONE.COM Wed Sep 22 22:54:24 2004 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID:
Run spamassassin --sync to rebuild the bayes db and that should help.  I had the same problem after upgrading to 3.0, and that fixed it for me.
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Freeman
Sent: Wednesday, September 22, 2004 2:57 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: SA 3.0 + MailScanner Bayes issue!

We are running Cpanel + MailScanner (Latest) SpamAssassin. Until last night, our SA was version 2.64. After last night's Cpanel update we are now running SA3.0. We can always rely on wonderful Cpanel to mess with people's installation but anyway. We seem to be having a Bayes issue now. Every time the Bayes db is queried; there is a noticeable error in the logs.

 

5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160.

Sep 22 17:34:06 srv05 spamd[15099]: processing message <17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1> for plush:32050.

Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_DEFASP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, line 5, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine PORN_URL_SLUT_uri_test redefined at /usr/share/spamassassin/20_porn.cf, rule PORN_URL_SLUT, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_LHOST30_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_LHOST30, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine USERPASS_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule USERPASS, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine __URI_PAYPAL_uri_test redefined at /etc/mail/spamassassin/70_sare_spoof.cf, rule __URI_PAYPAL, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_OPTPHP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_OPTPHP, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine MAILTO_TO_SPAM_ADDR_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule MAILTO_TO_SPAM_ADDR, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI SpamAssassin tests, skipping:__(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near "}_    }"_)

Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for plush:32050 in 4.6 seconds, 4886 bytes.

Sep 22 17:34:09 srv05 spamd[15099]: result: .  1 - FORGED_RCVD_HELO,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.6,size=4886,mid=<17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1>,autolearn=no  

 

Does this mean I have to reinstall a new copy of the Bayes DB just because of the upgrade? If so, how do we refresh the db?

From rpotter at RPCS.NET Wed Sep 22 22:56:14 2004 From: rpotter at RPCS.NET (Richard Potter) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID:
On Wed, 22 Sep 2004, Michael Freeman wrote:
> We are running Cpanel + MailScanner (Latest) SpamAssassin. Until last night,
> our SA was version 2.64. After last night's Cpanel update we are now
> running SA3.0. We can always rely on wonderful Cpanel to mess with people's
> installation but anyway. We seem to be having a Bayes issue now. Every time
> the Bayes db is queried; there is a noticeable error in the logs.

> Does this mean I have to reinstall a new copy of the Bayes DB just because
> of the upgrade? If so, how do we refresh the db?

# sa-learn --sync

Ignore the error message, and be patient for it to complete.

Cheers!
--
Richard Potter RHCE
Re/Max Kingston, ON CANADA

From admin at thenamegame.com Wed Sep 22 22:56:39 2004 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID:

We are running Cpanel + MailScanner (Latest) SpamAssassin. Until last night, our SA was version 2.64. After last night's Cpanel update we are now running SA3.0. We can always rely on wonderful Cpanel to mess with people's installation but anyway. We seem to be having a Bayes issue now. Every time the Bayes db is queried; there is a noticeable error in the logs.

 

5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160.

Sep 22 17:34:06 srv05 spamd[15099]: processing message <17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1> for plush:32050.

Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_DEFASP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, line 5, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine PORN_URL_SLUT_uri_test redefined at /usr/share/spamassassin/20_porn.cf, rule PORN_URL_SLUT, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_LHOST30_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_LHOST30, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine USERPASS_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule USERPASS, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine __URI_PAYPAL_uri_test redefined at /etc/mail/spamassassin/70_sare_spoof.cf, rule __URI_PAYPAL, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_OPTPHP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_OPTPHP, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Subroutine MAILTO_TO_SPAM_ADDR_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule MAILTO_TO_SPAM_ADDR, line 10, <GEN53> line 132.

Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI SpamAssassin tests, skipping:__(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near "}_    }"_)

Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for plush:32050 in 4.6 seconds, 4886 bytes.

Sep 22 17:34:09 srv05 spamd[15099]: result: .  1 - FORGED_RCVD_HELO,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.6,size=4886,mid=<17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1>,autolearn=no  

 

Does this mean I have to reinstall a new copy of the Bayes DB just because of the upgrade? If so, how do we refresh the db?

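The spamd excerpt in the post above mixes three separate problems: a rejected Bayes database, rules compiled more than once, and a rule file that fails to compile. As an added example (not part of the original post and not SpamAssassin's own tooling), the script below sorts such lines by problem class and counts verdicts issued after Bayes aborted; the function names, and the assumption that locally installed rules live under /etc/mail/spamassassin/ as in the excerpt, belong to the example.

```python
import re
from collections import defaultdict

# Lines abridged from the spamd excerpt quoted in the post above.
SAMPLE_LOG = """\
Sep 22 17:34:06 srv05 spamd[15099]: processing message <17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1> for plush:32050.
Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160, <GEN53> line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_DEFASP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, line 5, <GEN53> line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Subroutine USERPASS_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule USERPASS, line 10, <GEN53> line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI SpamAssassin tests, skipping:__(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near "}_    }"_)
Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for plush:32050 in 4.6 seconds, 4886 bytes.
"""

# Syslog prefix as it appears in the excerpt: "Mon DD HH:MM:SS host spamd[pid]: message"
SPAMD = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+spamd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
BAYES_VERSION = re.compile(r"bayes db version (\d+) is not able to be used")
VERDICT = re.compile(r"^(?:clean message|identified spam) \(")
# Perl warning: the test sub generated for a rule was compiled more than once.
REDEFINED = re.compile(r"Subroutine \S+ redefined at (\S+), rule (\w+),")
COMPILE_FAILED = re.compile(r"Failed to compile \w+ SpamAssassin tests")
SYNTAX_ERROR = re.compile(r"syntax error at (\S+), rule (\w+), line (\d+)")


def triage(log_text):
    """Group spamd warnings by problem class instead of reading them line by line."""
    bayes_versions = set()
    redefined = defaultdict(set)      # rule file -> rules compiled more than once
    uncompiled = defaultdict(set)     # rule file -> rules skipped for syntax errors
    pids_without_bayes = set()
    verdicts_without_bayes = 0

    for line in log_text.splitlines():
        match = SPAMD.match(line)
        if not match:
            continue
        pid, msg = match.group("pid"), match.group("msg")

        found = BAYES_VERSION.search(msg)
        if found:
            bayes_versions.add(int(found.group(1)))
            pids_without_bayes.add(pid)
        elif VERDICT.match(msg):
            # Heuristic: the same spamd process scored a message after its
            # Bayes store aborted, so the score had no Bayes input.
            if pid in pids_without_bayes:
                verdicts_without_bayes += 1
        elif COMPILE_FAILED.search(msg):
            for path, rule, _lineno in SYNTAX_ERROR.findall(msg):
                uncompiled[path].add(rule)
        else:
            found = REDEFINED.search(msg)
            if found:
                redefined[found.group(1)].add(found.group(2))

    return {
        "rejected_bayes_db_versions": sorted(bayes_versions),
        "verdicts_without_bayes": verdicts_without_bayes,
        "redefined_rules": {p: sorted(r) for p, r in redefined.items()},
        "uncompiled_rules": {p: sorted(r) for p, r in uncompiled.items()},
    }


def local_rule_files(report, site_dir="/etc/mail/spamassassin/"):
    """Rule files under the site directory (assumed path) that appear in any warning."""
    paths = set(report["redefined_rules"]) | set(report["uncompiled_rules"])
    return sorted(p for p in paths if p.startswith(site_dir))


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("local rule files to review:", local_rule_files(report))
```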
From peter at UCGBOOK.COM Wed Sep 22 23:02:25 2004 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:26:58 2006 Subject: Skipping filename checks inside zip files Message-ID:
Matt Brodeur wrote:
> What I'd like is to skip file name/type checks within zip files,
> while still checking the contents for known viruses. Unzipped files
> should still be subject to all checks. I don't see a way to
> selectively ignore zip contents, as the only option appears to be
> disabling archive checking entirely.

# The maximum depth to which zip archives will be unpacked, to allow for
# checking filenames and filetypes within zip archives.
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected
# Archives = no. That block password-protected archives but does not do
# any filename/filetype checks on the files within the archive.
Maximum Archive Depth = 0

--
/Peter Bonivart

--Unix lovers do it in the Sun

From greg at BLASTZONE.COM Wed Sep 22 23:05:06 2004 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID:
sorry folks, that should be :
 
sa-learn --sync
 
not spamassassin --sync
-----Original Message-----
From: Greg Deputy [mailto:greg@blastzone.com]
Sent: Wednesday, September 22, 2004 2:54 PM
To: 'admin@thenamegame.com'; 'MAILSCANNER@JISCMAIL.AC.UK'
Subject: RE: SA 3.0 + MailScanner Bayes issue!

Run spamassassin --sync to rebuild the bayes db and that should help.  I had the same problem after upgrading to 3.0, and that fixed it for me.
From admin at thenamegame.com Wed Sep 22 23:27:29 2004 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID:

That did not fix the issue unfortunately. Also, I have SpamcopURI installed from when I was using SURBL with 2.64. So do I need to also change the SURBL lookups to version 3.0 format? I'm still getting error on Bayes.

 

Sep 22 18:13:54 srv05 spamd[4408]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160.

 


From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Greg Deputy
Sent: Wednesday, September 22, 2004 6:05 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: SA 3.0 + MailScanner Bayes issue!

 

sorry folks, that should be :

 

sa-learn --sync

 

not spamassassin --sync

-----Original Message-----
From: Greg Deputy [mailto:greg@blastzone.com]
Sent: Wednesday, September 22, 2004 2:54 PM
To: 'admin@thenamegame.com'; 'MAILSCANNER@JISCMAIL.AC.UK'
Subject: RE: SA 3.0 + MailScanner Bayes issue!

Run spamassassin --sync to rebuild the bayes db and that should help.  I had the same problem after upgrading to 3.0, and that fixed it for me.

From mailscanner at ELKNET.NET Wed Sep 22 23:56:09 2004 From: mailscanner at ELKNET.NET (Alan) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3 release and MailScanner Message-ID: On Wed, 22 Sep 2004 21:11:10 +0100, Julian Field wrote: >The file install-Clam-SA.tar.gz as linked from the downloads page >definitely has 3.0.0 in it, I've just checked. Be sure you are downloading >the right thing and no caches/proxies in the way aren't causing you trouble. Thanks, that was it. Got it! -Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From ugob at CAMO-ROUTE.COM Thu Sep 23 00:01:40 2004 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:26:58 2006 Subject: blacklist for subject Message-ID: Diego Fabara wrote: > How stop mail with Subject: "re[9]:" for example ?? Write a spamassin rule and give it a high score. There is a tutorial on the spamassassin web site on how to write rules. There is info in this list's archive as well. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Steve.Swaney at FSL.COM Thu Sep 23 00:50:30 2004 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID: Sorry for the top posting but this thread is getting a bit confused â^ع 1. Remove all of the old SURBL/URI cf files in /etc/mail/spamassassin 2. 
Download and install spam.assassin.pref.conf from our support web site: www.fsl.com/support install the contents of this file as: /etc/MailScanner/spam.assassin.prefs.conf Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Freeman Sent: Wednesday, September 22, 2004 6:27 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA 3.0 + MailScanner Bayes issue! That did not fix the issue unfortunately. Also, I have SpamcopURI installed from when I was using SURBL with 2.64. So do I need to also change the SURBL lookups to version 3.0 format? Im still getting error on Bayes. Sep 22 18:13:54 srv05 spamd[4408]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160. ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Greg Deputy Sent: Wednesday, September 22, 2004 6:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA 3.0 + MailScanner Bayes issue! sorry folks, that should be : sa-learn --sync not spamassassin --sync -----Original Message----- From: Greg Deputy [mailto:greg@blastzone.com] Sent: Wednesday, September 22, 2004 2:54 PM To: 'admin@thenamegame.com'; 'MAILSCANNER@JISCMAIL.AC.UK' Subject: RE: SA 3.0 + MailScanner Bayes issue! Run spamassassin --sync to rebuild the bayes db and that should help. I had the same problem after upgrading to 3.0, and that fixed it for me. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Freeman Sent: Wednesday, September 22, 2004 2:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SA 3.0 + MailScanner Bayes issue! We are running Cpanel + MailScanner (Latest) Spamassasin. Until last night, our SA was version 2.64. 
After latest nights Cpanel update we are now running SA3.0. We can always reply on wonderful Cpanel to mess with peoples installation but anyway. We seem to be having a Bayes issue now. Everytime the Bayes db is queried; there is a noticeable error in the logs. 5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160. Sep 22 17:34:06 srv05 spamd[15099]: processing message <17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1> for plush:32050. Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_DEFASP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, line 5, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine PORN_URL_SLUT_uri_test redefined at /usr/share/spamassassin/20_porn.cf, rule PORN_URL_SLUT, line 10, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_LHOST30_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_LHOST30, line 10, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine USERPASS_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule USERPASS, line 10, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine __URI_PAYPAL_uri_test redefined at /etc/mail/spamassassin/70_sare_spoof.cf, rule __URI_PAYPAL, line 10, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_OPTPHP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_OPTPHP, line 10, line 132. Sep 22 17:34:08 srv05 spamd[15099]: Subroutine MAILTO_TO_SPAM_ADDR_uri_test redefined at /usr/share/spamassassin/20_uri_tests.cf, rule MAILTO_TO_SPAM_ADDR, line 10, line 132. 
Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI SpamAssassin tests, skipping:__(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near "}_ }"_) Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for plush:32050 in 4.6 seconds, 4886 bytes. Sep 22 17:34:09 srv05 spamd[15099]: result: . 1 - FORGED_RCVD_HELO,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.6,size=4886,mid=<17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1>,autolearn=no Does this mean I have to reinstall a new copy of the Bayes DB just because of the upgrade? If so, how do we refresh the db? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 23 01:32:56 2004 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID: Michael Freeman wrote: > We are running Cpanel + MailScanner (Latest) Spamassasin. Until last > night, our SA was version 2.64. After latest nights Cpanel update we > are now running SA3.0. 
We can always reply on wonderful Cpanel to > mess with peoples installation but anyway. We seem to be having a > Bayes issue now. Everytime the Bayes db is queried; there is a > noticeable error in the logs. > > 5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160. > > Sep 22 17:34:06 srv05 spamd[15099]: processing message > <17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1> for plush:32050. > > Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not > able to be used, aborting! at > /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm > line 160, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine > SARE_HTML_URI_DEFASP_uri_test redefined at > /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, > line 5, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine PORN_URL_SLUT_uri_test > redefined at /usr/share/spamassassin/20_porn.cf, rule PORN_URL_SLUT, > line 10, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine > SARE_HTML_URI_LHOST30_uri_test redefined at > /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_LHOST30, > line 10, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine USERPASS_uri_test > redefined at /usr/share/spamassassin/20_uri_tests.cf, rule USERPASS, > line 10, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine __URI_PAYPAL_uri_test > redefined at /etc/mail/spamassassin/70_sare_spoof.cf, rule > __URI_PAYPAL, line 10, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine > SARE_HTML_URI_OPTPHP_uri_test redefined at > /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_OPTPHP, > line 10, line 132. > > Sep 22 17:34:08 srv05 spamd[15099]: Subroutine > MAILTO_TO_SPAM_ADDR_uri_test redefined at > /usr/share/spamassassin/20_uri_tests.cf, rule MAILTO_TO_SPAM_ADDR, > line 10, line 132. 
>
> Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI
> SpamAssassin tests, skipping:__(syntax error at
> /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near
> "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule
> WS_URI_RBL, line 1, near "eval:"_syntax error at
> /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near
> "}_    }"_)
>
> Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for
> plush:32050 in 4.6 seconds, 4886 bytes.
>
> Sep 22 17:34:09 srv05 spamd[15099]: result: .  1 -
> FORGED_RCVD_HELO,HTML_MESSAGE,MIME_HTML_ONLY
> scantime=4.6,size=4886,mid=<17a04e01c4a0ed$e0845a00$a2d9ebd1@allposters1>,autolearn=no
>
> Does this mean I have to reinstall a new copy of the Bayes DB just
> because of the upgrade? If so, how do we refresh the db?

SA3's Bayes format is NOT compatible with the older version's Bayes' DB.
You need to convert the old DB before you upgrade. If you haven't, which is your case, then you will need to remove all the bayes entries and start again

You will also need to remove all the custom rulesets as they are either included in SA3 or are not compatible.

This is all documented in the INSTALL and UPGRADE files

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 23 01:33:22 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:58 2006
Subject: blacklist for subject
Message-ID:

> How stop mail with Subject: "re[9]:" for example ??
You would need to write a custom rule or use MCP Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From greg at BLASTZONE.COM Thu Sep 23 02:28:03 2004 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID: Hmm, I didn't upgrade my bayes db until after the SA upgrade, but it still worked. <>> > SA3's Bayes format is NOT compatible with the older version's > Bayes' DB. > You need to convert the old DB before you upgrade. If you > haven't, which is your case, then you will need to remove all > the bayes entries and start again > > You will also need to remove all the custom rulesets as they > are either included in SA3 or are not compatible. > > This is all documented in the INSTALL and UPGRADE files > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From mbrodeur+mailscanner at NEXTTIME.COM Thu Sep 23 04:47:36 2004 From: mbrodeur+mailscanner at NEXTTIME.COM (Matt Brodeur) Date: Thu Jan 12 21:26:58 2006 Subject: Skipping filename checks inside zip files Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Sep 23, 2004 at 12:02:25AM +0200, Peter Bonivart wrote: > # To disable this feature set this to 0. > # A common useful setting is this option = 0, and Allow Password-Protected > # Archives = no. That block password-protected archives but does not do > # any filename/filetype checks on the files within the archive. > Maximum Archive Depth = 0 Maybe I misread this description the last 20 or so times I looked at it. Could someone clarify whether setting this to "0" still allows virus scanning within the archive? Or is it the case that scanning for viruses inside zips is handled separately, by the virus scanner (clamavmodule) itself? If so, is that tunable somewhere, or will it always look inside archives if possible? - -- Matt Brodeur RHCE MBrodeur@NextTime.com http://www.NextTime.com Because inside every old person is a young person wondering what happened. -- Terry Pratchett, "Moving Pictures" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBUkdYc8/WFSz+GKMRAkMZAJ4rdyyZYFwbyNuC0WWsJeBohL1jKACgpwU4 5DKwvzHTwN1rYoOI+j76w1o= =usUq -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mradford at ALSPEC.COM.AU Thu Sep 23 07:46:29 2004 From: mradford at ALSPEC.COM.AU (mark radford) Date: Thu Jan 12 21:26:58 2006 Subject: Attachment blocking and email queuing Message-ID:

Is it possible to block emails containing an attachment and then place the email in a queue that can later be processed? For example, initially block all emails containing .pps files to a queue. The queue can then be checked to determine if the emails look suspicious. If the emails seem legit they can then be processed onto the intended recipient. This would avoid simply dumping and losing all files that contain a specific attachment.

 

Thanks.
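
A triage pass over the spamd log quoted in the "SA 3.0 + MailScanner Bayes issue!" thread on this page, as an added example (not code from any poster, SpamAssassin or MailScanner): it groups the post-upgrade errors by rule file and counts messages that were still scored after the Bayes store aborted. The function names and the choice of `/etc/mail/spamassassin/` as the site-local directory to review are assumptions of this example; the sample lines are abridged from the posted log with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Abridged from the spamd log posted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Sep 22 17:34:06 srv05 spamd[15099]: bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160, line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Subroutine SARE_HTML_URI_DEFASP_uri_test redefined at /etc/mail/spamassassin/70_sare_html.cf, rule SARE_HTML_URI_DEFASP, line 5, line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Subroutine PORN_URL_SLUT_uri_test redefined at /usr/share/spamassassin/20_porn.cf, rule PORN_URL_SLUT, line 10, line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Subroutine __URI_PAYPAL_uri_test redefined at /etc/mail/spamassassin/70_sare_spoof.cf, rule __URI_PAYPAL, line 10, line 132.
Sep 22 17:34:08 srv05 spamd[15099]: Failed to compile URI SpamAssassin tests, skipping:__(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule AB_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 1, near "eval:"_syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule WS_URI_RBL, line 8, near "}_ }"_)
Sep 22 17:34:09 srv05 spamd[15099]: clean message (1.2/5.0) for plush:32050 in 4.6 seconds, 4886 bytes.
"""

# Assumption of this example: files under this directory are the site-local
# (custom) rule files that the thread advises reviewing after the upgrade.
SITE_RULES_DIR = "/etc/mail/spamassassin/"

PID_RE = re.compile(r"spamd\[(\d+)\]:")
BAYES_RE = re.compile(r"bayes: bayes db version (\d+) is not able to be used")
REDEF_RE = re.compile(r"Subroutine \S+ redefined at (\S+\.cf), rule (\w+),")
SYNTAX_RE = re.compile(r"syntax error at (\S+\.cf), rule (\w+), line \d+")
VERDICT_RE = re.compile(r": (?:clean message|identified spam) \(")


def triage(lines):
    """Classify spamd log lines into the failure kinds seen in the thread."""
    report = {
        "bayes_db_versions": set(),           # rejected Bayes DB format versions
        "redefined": defaultdict(set),        # rule file -> rules redefined there
        "compile_errors": defaultdict(set),   # rule file -> rules that failed to compile
        "verdicts_after_bayes_abort": 0,      # messages scored after Bayes aborted
    }
    aborted_pids = set()
    for line in lines:
        pid_match = PID_RE.search(line)
        if not pid_match:
            continue  # not a spamd line
        pid = pid_match.group(1)

        match = BAYES_RE.search(line)
        if match:
            report["bayes_db_versions"].add(int(match.group(1)))
            aborted_pids.add(pid)
            continue

        match = REDEF_RE.search(line)
        if match:
            report["redefined"][match.group(1)].add(match.group(2))
            continue

        if "Failed to compile" in line:
            # One log line can carry several syntax errors, joined with "_".
            for path, rule in SYNTAX_RE.findall(line):
                report["compile_errors"][path].add(rule)
            continue

        # A verdict logged by a process that already gave up on Bayes means
        # the message was scored with the filter running degraded.
        if VERDICT_RE.search(line) and pid in aborted_pids:
            report["verdicts_after_bayes_abort"] += 1
    return report


def files_to_review(report):
    """Site-local rule files named in any redefinition or compile error."""
    paths = set(report["redefined"]) | set(report["compile_errors"])
    return sorted(p for p in paths if p.startswith(SITE_RULES_DIR))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    print("Rejected Bayes DB versions:", sorted(result["bayes_db_versions"]))
    print("Verdicts issued after Bayes abort:", result["verdicts_after_bayes_abort"])
    for path in files_to_review(result):
        print("Review:", path)
```
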

 

From gdoris at ROGERS.COM Thu Sep 23 07:52:01 2004
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3.0 + MailScanner Bayes issue!
Message-ID:

On Wed, 22 Sep 2004, Steve Swaney wrote:

> Sorry for the top posting but this thread is getting a bit confused
>
> 1. Remove all of the old SURBL/URI cf files in /etc/mail/spamassassin
> 2. Download and install spam.assassin.pref.conf from our support web site:
> www.fsl.com/support
> install the contents of this file as:
> /etc/MailScanner/spam.assassin.prefs.conf
>
> Hope this helps,
>
> Steve

I still have the SURBL/URI files in /etc/mail/spamassassin. Are these just not needed with SpamAssassin 3? They aren't causing any errors.

--
Gerry

"The lyfe so short, the craft so long to learne" Chaucer

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 23 08:38:56 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:26:58 2006
Subject: SA 3.0 + MailScanner Bayes issue!
Message-ID:

MailScanner mailing list wrote:
> On Wed, 22 Sep 2004, Steve Swaney wrote:
>
>> Sorry for the top posting but this thread is getting a bit confused
>>
>> 1. Remove all of the old SURBL/URI cf files in /etc/mail/spamassassin
>> 2. Download and install spam.assassin.pref.conf from our support web
>> site: www.fsl.com/support install the contents of this
>> file as: /etc/MailScanner/spam.assassin.prefs.conf
>>
>> Hope this helps,
>>
>> Steve
>
> I still have the SURBL/URI files in /etc/mail/spamassassin.
> Are these just not needed with SpamAssassin 3? They aren't causing
> any errors.

I got clarification on this last night from one of the developers: "We've reviewed the SARE files, and identified all other rules that overlap with 3.0.0, and have migrated them to new files. For instance, see http://www.rulesemporium.com/rules.htm#header 70_sare_header_x30.cf contains those rule(s) which duplicate 3.0, and should not be used with that version. 70_sare_header_x264_x30.cf contains those rule(s) which duplicate both 3.0 and 2.64, and should not be used with either of those versions. If we've done it correctly, even if you include those files in your system you /should/ be OK, since we coded these files to give preference to the 2.64 and/or 3.0 rules. There should be no harm in including those files, other than increased overhead, but it's better for 3.0 installations to avoid the x30 files." HTH Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Thu Sep 23 09:09:32 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:58 2006 Subject: Skipping filename checks inside zip files Message-ID: At 04:47 23/09/2004, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Thu, Sep 23, 2004 at 12:02:25AM +0200, Peter Bonivart wrote: > > > # To disable this feature set this to 0. > > # A common useful setting is this option = 0, and Allow Password-Protected > > # Archives = no. That block password-protected archives but does not do > > # any filename/filetype checks on the files within the archive. > > Maximum Archive Depth = 0 > > Maybe I misread this description the last 20 or so times I looked >at it. 
Could someone clarify whether setting this to "0" still allows >virus scanning within the archive? Yes, archives will still be virus scanned, regardless of what you set this to. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From damian at SCIENCE.NUS.EDU.SG Thu Sep 23 09:36:36 2004 From: damian at SCIENCE.NUS.EDU.SG (damian) Date: Thu Jan 12 21:26:58 2006 Subject: Postfix with MailScanner Message-ID: Dear all, I had installed Postfix with Mail Scanner. I followed the configuration in the documentation, however, when I try to send a mail, I was return with the following errors: Sep 24 00:22:54 debianmail postfix/pipe[5433]: 8D7DAA71D9: to=, relay=cyrus, delay=19, status=SOFTBOUNCE (data format error. Command output: /usr/sbin/cyrdeliver: /usr/local/lib/libsasl2.so.2: no version information available (required by /usr/sbin/cyrdeliver) damian: Message contains invalid header ) Any advise on what could be wrong? Thanks and regards, Damian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From adrian.inman at AFINITE.CO.UK Thu Sep 23 09:36:38 2004 From: adrian.inman at AFINITE.CO.UK (Adrian Inman) Date: Thu Jan 12 21:26:58 2006 Subject: Trusting mail from specified address Message-ID: I have MailScanner running on Debian with Exim4 at a few sites rather well. However, some legitimate traffic from one of our apps is being rejected for having Bad Content. I can't do much about this, but as its always from a specific address, I would like to be able to 'trust' this address and have MailScanner pass the email. The top of the email looks like this: X-ORGNAME-MailScanner: Found to be clean X-ORGNAME-MailScanner-SpamScore: sss X-MailScanner-From: postmaster@symphony The following e-mails were found to have: Other Bad Content Detected Sender: webwatcher@myorg.co.uk IP Address: 0.0.0.0 Recipient: someone@somewhere.co.uk Subject: WebWatcher: www.zenith.co.uk has changed MessageID: 1CA2II-0001q3-10 Report: MailScanner: Found a script in HTML message SpamAssassin isn't what's causing it to be flagged so I can't use the whitelist rules. Please advise. Thanks in advance, Adrian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mailscanner at ecs.soton.ac.uk Thu Sep 23 10:08:03 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:58 2006 Subject: Postfix with MailScanner Message-ID: This a postfix delivery problem, not a MailScanner one. Are you sure /usr/local/lib is in so ld.so.conf? At 09:36 23/09/2004, you wrote: >Dear all, > >I had installed Postfix with Mail Scanner. 
> >I followed the configuration in the documentation, however, when I try to >send a mail, >I was return with the following errors: > >Sep 24 00:22:54 debianmail postfix/pipe[5433]: 8D7DAA71D9: >to=, relay=cyrus, delay=19, >status=SOFTBOUNCE (data format error. Command output: /usr/sbin/cyrdeliver: >/usr/local/lib/libsasl2.so.2: no version information available (required >by /usr/sbin/cyrdeliver) > damian: Message contains invalid header ) > > >Any advise on what could be wrong? > >Thanks and regards, >Damian > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From damian at SCIENCE.NUS.EDU.SG Thu Sep 23 10:15:33 2004 From: damian at SCIENCE.NUS.EDU.SG (damian) Date: Thu Jan 12 21:26:58 2006 Subject: [Mail scanned] Re: Postfix with MailScanner Message-ID: Yup, its in... you have got any idea what could be wrong? Thanks and rgds, Damain On Thu, 2004-09-23 at 17:08, Julian Field wrote: > This a postfix delivery problem, not a MailScanner one. Are you sure > /usr/local/lib is in so ld.so.conf? > > At 09:36 23/09/2004, you wrote: > >Dear all, > > > >I had installed Postfix with Mail Scanner. 
> > > >I followed the configuration in the documentation, however, when I try to > >send a mail, > >I was return with the following errors: > > > >Sep 24 00:22:54 debianmail postfix/pipe[5433]: 8D7DAA71D9: > >to=, relay=cyrus, delay=19, > >status=SOFTBOUNCE (data format error. Command output: /usr/sbin/cyrdeliver: > >/usr/local/lib/libsasl2.so.2: no version information available (required > >by /usr/sbin/cyrdeliver) > > damian: Message contains invalid header ) > > > > > >Any advise on what could be wrong? > > > >Thanks and regards, > >Damian > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). -- damian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From rvanwijn at XS4ALL.NL Thu Sep 23 10:37:25 2004 From: rvanwijn at XS4ALL.NL (Reinier van Wijngaarden) Date: Thu Jan 12 21:26:58 2006 Subject: Possible solution for the PDF gets corrupted issue Message-ID: > The new version of MIME-tools has this all built in. You don't need to > patch anything. > I have been working on this with Martin and a couple of other folks for > the > past few weeks. > Fixed in the next release, that's very good news. I let my 'hack' untouched, until there's an official stable release. I tried out beta 4.34.2 that didn't work that great for my. Since I don't have test server yet, I don't wont to try it out a second time. ;-) downtime was a little bit to long. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From gareth at GRIFFIN.COM Thu Sep 23 10:54:49 2004 From: gareth at GRIFFIN.COM (Gareth Campling) Date: Thu Jan 12 21:26:58 2006 Subject: SpamAssasin 3.00 Install Fails uisng Julians Install Script Message-ID: SpamAssasin 3.00 Install Fails uisng Julians Install Script

Hi

Trying to install SpamAssassin 3.00 from the install-CLAM-SA install script, and it fails out with the following:

Checking if your kit is complete...
Looks good

Warning: I could not locate your pod2man program. Please make sure,
         your pod2man program is in your PATH before you execute 'make'

Writing Makefile for Mail::SpamAssassin
Makefile written by ExtUtils::MakeMaker 6.05
+ make
Makefile:94: *** missing separator.  Stop.
error: Bad exit status from /var/tmp/rpm-tmp.78467 (%build)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.78467 (%build)



Missing file /usr/src/redhat/RPMS/noarch/perl-Mail-SpamAssassin-3.0.0-1.noarch.rpm.
Maybe it did not build correctly?
*
* This Could Be A Problem. Press Ctrl-S Now!!
*

This box used to run SpamAssassin 2 fine; I have removed that though, so there were no clashes. Has anyone else got this, or a fix for it?

thanks

--
Gareth Campling
Network Operations Engineer
Griffin Internet

T  :  0870 804 0 804
F  :  0870 804 0 805
DD :  0870 804 0 863
W  :  www.griffin.com

From mailscanner at ecs.soton.ac.uk Thu Sep 23 11:09:34 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:58 2006 Subject: [Mail scanned] Re: Postfix with MailScanner Message-ID: You aren't running cyrdeliver in a chroot jail are you? If so, check the setup of your jail, that might be the problem. At 10:15 23/09/2004, you wrote: >Yup, its in... you have got any idea what could be wrong? > >Thanks and rgds, >Damain > >On Thu, 2004-09-23 at 17:08, Julian Field wrote: > > This a postfix delivery problem, not a MailScanner one. Are you sure > > /usr/local/lib is in so ld.so.conf? > > > > At 09:36 23/09/2004, you wrote: > > >Dear all, > > > > > >I had installed Postfix with Mail Scanner. > > > > > >I followed the configuration in the documentation, however, when I try to > > >send a mail, > > >I was return with the following errors: > > > > > >Sep 24 00:22:54 debianmail postfix/pipe[5433]: 8D7DAA71D9: > > >to=, relay=cyrus, delay=19, > > >status=SOFTBOUNCE (data format error. Command output: > /usr/sbin/cyrdeliver: > > >/usr/local/lib/libsasl2.so.2: no version information available (required > > >by /usr/sbin/cyrdeliver) > > > damian: Message contains invalid header ) > > > > > > > > >Any advise on what could be wrong? > > > > > >Thanks and regards, > > >Damian -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
From mailscanner at ecs.soton.ac.uk Thu Sep 23 11:10:38 2004 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:26:58 2006 Subject: Possible solution for the PDF gets corrupted issue Message-ID: Can you send me the PDF file? And a description of what happens in Acrobat when you view the damaged version. I'm running the latest code here, so it shouldn't get damaged I hope. At 10:37 23/09/2004, you wrote: > > The new version of MIME-tools has this all built in. You don't need to > > patch anything. > > I have been working on this with Martin and a couple of other folks for > > the > > past few weeks. > > > >Fixed in the next release, that's very good news. I let my 'hack' >untouched, until there's an official stable release. I tried out beta >4.34.2 that didn't work that great for my. >Since I don't have test server yet, I don't wont to try it out a second >time. ;-) downtime was a little bit to long. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Uwe.Krause at FEP.FRAUNHOFER.DE Thu Sep 23 11:18:26 2004 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Krause, Dr. Uwe) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID: > I still have the SURBL/URI files in /etc/mail/spamassassin. > Are these just not needed with SpamAssassin 3? They aren't causing any errors. Look at /etc/mail/spamassassin/init.pre This is all you will need ... 
Uwe

From michele at BLACKNIGHTSOLUTIONS.COM Thu Sep 23 12:04:37 2004
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon:: Blacknight Solutions)
Date: Thu Jan 12 21:26:58 2006
Subject: SpamAssasin 3.00 Install Fails uisng Julians Install Script
Message-ID:

Gareth Campling wrote:
> Hi
>
> Trying to install SpamAssasin 3.00 from the install-CLAM-SA install
> script and it fails out with the following
>
> Checking if your kit is complete...
> Looks good
>
> Warning: I could not locate your pod2man program. Please make sure,
>          your pod2man program is in your PATH before you execute
> 'make'
>
> Writing Makefile for Mail::SpamAssassin
> Makefile written by ExtUtils::MakeMaker 6.05
> + make
> Makefile:94: *** missing separator.  Stop.
> error: Bad exit status from /var/tmp/rpm-tmp.78467 (%build)
>
> RPM build errors:
>     Bad exit status from /var/tmp/rpm-tmp.78467 (%build)
>
> Missing file
> /usr/src/redhat/RPMS/noarch/perl-Mail-SpamAssassin-3.0.0-1.noarch.rpm.
> Maybe it did not build correctly?
> *
> * This Could Be A Problem. Press Ctrl-S Now!!
> *
>
> This box use to run spamassasin 2 fine, have removed that tho so
> there was no clashes, anyone else got this or a fix for it.
>

Type the following before running the installer:

export LANG=C

Michele

From gareth at GRIFFIN.COM Thu Sep 23 12:35:18 2004 From: gareth at GRIFFIN.COM (Gareth Campling) Date: Thu Jan 12 21:26:58 2006 Subject: SpamAssasin 3.00 Install Fails uisng Julians Install Script Message-ID: Hi Michele That worked a treat, so for the 2nd time today, Thanks ;) -- Gareth Campling Network Operations Engineer Griffin Internet -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon:: Blacknight Solutions Sent: 23 September 2004 12:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssasin 3.00 Install Fails uisng Julians Install Script Gareth Campling wrote: > Hi > > Trying to install SpamAssasin 3.00 from the install-CLAM-SA install > script and it fails out with the following > > Checking if your kit is complete... > Looks good > > Warning: I could not locate your pod2man program. Please make sure, >          your pod2man program is in your PATH before you execute > 'make' > > Writing Makefile for Mail::SpamAssassin Makefile written by > ExtUtils::MakeMaker 6.05 > + make > Makefile:94: *** missing separator.  Stop. > error: Bad exit status from /var/tmp/rpm-tmp.78467 (%build) > > RPM build errors: >     Bad exit status from /var/tmp/rpm-tmp.78467 (%build) > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Mail-SpamAssassin-3.0.0-1.noarch.rpm. > Maybe it did not build correctly? > * > * This Could Be A Problem. Press Ctrl-S Now!! > * > > This box use to run spamassasin 2 fine, have removed that tho so there > was no clashes, anyone else got this or a fix for it. > Type the following before running the installer: export LANG=C Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From drew at THEMARSHALLS.CO.UK Thu Sep 23 12:41:14 2004 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:26:58 2006 Subject: [Mail scanned] Re: Postfix with MailScanner Message-ID: On Thu, September 23, 2004 10:15, damian said: >> >I was return with the following errors: >> > >> >Sep 24 00:22:54 debianmail postfix/pipe[5433]: 8D7DAA71D9: >> >to=, relay=cyrus, delay=19, >> >status=SOFTBOUNCE (data format error. Command output: >> /usr/sbin/cyrdeliver: >> >/usr/local/lib/libsasl2.so.2: no version information available >> (required >> >by /usr/sbin/cyrdeliver) >> > damian: Message contains invalid header ) Just worth checking but what is set in your MailScanner.conf file for site name (Sorry I can't remember exactly the line descrition but it's at the top of the file) make sure there are no spaces etc so making your x--MailScanner: headers legal. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From mkehler at WRHA.MB.CA Thu Sep 23 13:25:28 2004 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:26:58 2006 Subject: Webmin module or other web-based front end? Message-ID: Anyone using the Webmin module for Mailscanner from http://lushsoft.dyndns.org/mailscanner-webmin/ ? 
I need something for our helpdesk so that they can easily (ie, web front end) modify/add/delete the filename.rules.conf file. I'm installing it on a secondary MailScanner box right now, but just wondering if anyone has used it, or any other Webmin module. OR any other web-based front end that will allow easy changes to filename.rules.conf. Thats all our helpdesk really has to touch... thanks Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné à la personne ou aux personnes à qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'êtes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From Steve.Swaney at FSL.COM Thu Sep 23 13:59:17 2004 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:26:58 2006 Subject: SA 3.0 + MailScanner Bayes issue! Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Gerry Doris > Sent: Thursday, September 23, 2004 2:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA 3.0 + MailScanner Bayes issue! 
> > On Wed, 22 Sep 2004, Steve Swaney wrote: > > > > Sorry for the top posting but this thread is getting a bit confused ? > > > > > > 1. Remove all of the old SURBL/URI cf files in /etc/mail/spamassassin > > > 2. Download and install spam.assassin.pref.conf from our support web > site: > > > www.fsl.com/support > > > install the contents of this file as: > > > /etc/MailScanner/spam.assassin.prefs.conf > > > > > > Hope this helps, > > > > > > Steve > > > I still have the SURBL/URI files in /etc/mail/spamassassin. Are these > > just not needed with SpamAssassin 3? They aren't causing any errors. > > It's been a while since I updated to SA 3.0 but I seem to remember that some errors were generated by some of the original *uri.cf files. I'm now using the multi.surbl.org rules and have put them in my spam.assassin.prefs.conf file. This works for me. A copy of spam.assassin.prefs.conf.SA-3.0 is available at www.fsl.com/support. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Fortress Systems Ltd. www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From dustin.baer at IHS.COM Thu Sep 23 14:21:24 2004 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:26:58 2006 Subject: Trusting mail from specified address Message-ID: Adrian Inman wrote: > Report: MailScanner: Found a script in HTML message > Create a rule for script tags: # Do you want to allow