AWL Still

Dave Duffner - NWCWEB.com webalizer at NWCWEB.COM
Wed Feb 9 15:41:42 GMT 2005 

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Matt Kettler
> Sent: Tuesday, February 08, 2005 6:46 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: AWL Still
>
>
> At 02:32 PM 2/8/2005, Dave Duffner - NWCWEB.com wrote:
> >X-Spam-Report:
> >         *  0.7 BIZ_TLD URI: Contains a URL in the BIZ
> top-level domain
> >         *   43 AWL AWL: Auto-whitelist adjustment
> >X-Spam-Status: Yes, hits=43.5 required=4.0 tests=AWL,BIZ_TLD
> autolearn=no
> >         version=2.60
> >
> >         I note that any .biz traffic seems to have this issue, this
> >time it came up with a 43 AWL adjustment out of the blue?
>
> The two rules are 100% unrelated...
>
> BIZ_TLD looks for URL's containing .biz as the TLD of their link.
>
> The AWL has nothing to do with URLs at all, so the match
> between the two is not significant.
>
> Looks like you might want to run check-whitelist (from the SA
> tarball, tools directory) and see what the AWL entries look
> like... Sounds like GTUBE hangover, something that 2.6 is
> subject to, but 3.0 is not.

        Gotcha, will check that out and see what it has to say...

> >I'll check the local.cf and make sure it's not
> >a factor in this, otherwise I'm lost as to why AWL's still
> functioning.
>
> Since you're talking 2.6, don't look at local.cf..
> use_auto_whitelist is a SA 3.0 thing..

        Actually I checked everywhere to ensure either these
switches are off or 0 or non-existant.  Can't find a single
point where they would still be turned on.  Also restarted
all services after any changes as a normal policy, even a
server reboot here and there just because.  So any changes
should have taken/been imported to eliminate AWL.  And we
see other changes that indicate it should have worked and
is working, which is the strange part.

> Also, don't you use MailScanner? Those headers look like they
> were generated by a direct call to SA, not one made via MailScanner.

        Well we have MS/SA/ClamAV but on an Ensim Pro/RH Fedora Core 1
box.  The Enism integration requires MS, but if you turn on the
SA feature within it, it double-scans everything.  So it's
using MS to scope/scan it first, then hands off anything it
deems acceptable to SA to then process.  But it's MS calling
it up to be used in the handoff, so the pref's conf file
settings override any SA direct settings.  But we did scope
those SA conf & cf files, anything and everything should be
killed for AWL?


--
Message scanned by MailScanner, and is believed to be clean.
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.nwcweb.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list