Mailwatch question

Steen, Glenn Glenn.Steen at AP1.SE
Fri Jan 7 09:15:19 GMT 2005



otherinfected == non-content, non-virus... Iframes etc that MS
detects by itself.
nameinfected is what Matt is after... In the MW report interface
called "contained an Unacceptable Attachment".

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Bill Huff
> Sent: 6 January 2005 19:19
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Mailwatch question
> 
> 
> I am pretty sure that nameinfected means that a rule in 
> filename.rules hit and 
> otherinfected means that a rule in filetype.rules hit.
> 
> --
> Bill
> 
> 
> Matt Kehler wrote:
> > Thanks Bill.  I'll try to add 'nameinfected' (I believe that's what the
> > blocked is) to the daily and monthly reports.   When it comes to stuff
> > like this I'm lost, so I may be emailing you soon enough :)
> >  
> > thanks!
> > Matt
> > 
> >  >>> bhuff at COLLTECH.COM 01/06/05 09:02AM >>>
> > Matt, mailwatch does indeed capture the difference, however there is not a
> > 'provided' interface to view it.  It is all in the DB however, and a custom
> > report is trivial to create based on the way that the mailwatch reporting
> > system is designed.
> > 
> > In your mailwatch database is a table called maillog.  In the maillog table
> > there are columns to track if a given message is spam, if it is high scoring
> > spam, if it is virus infected or if it was name or content infected.
> > 
> > Here is a 'describe' of the columns that I am referring to.  You can see
> > that you have a very full set of information that is being tracked.  It
> > would be trivial to create a report like you are asking for, the data is
> > all there.
> > 
> > If you would like some help, contact me off list and I will give you a hand.
> > 
> > --
> > Bill
> > 
> > | isspam          | tinyint(1)    | YES  |     | 0       |       |
> > | ishighspam      | tinyint(1)    | YES  |     | 0       |       |
> > | issaspam        | tinyint(1)    | YES  |     | 0       |       |
> > | isrblspam       | tinyint(1)    | YES  |     | 0       |       |
> > | spamwhitelisted | tinyint(1)    | YES  |     | 0       |       |
> > | spamblacklisted | tinyint(1)    | YES  |     | 0       |       |
> > | sascore         | decimal(7,2)  | YES  |     | 0.00    |       |
> > | spamreport      | text          | YES  |     | NULL    |       |
> > | virusinfected   | tinyint(1)    | YES  |     | 0       |       |
> > | nameinfected    | tinyint(1)    | YES  |     | 0       |       |
> > | otherinfected   | tinyint(1)    | YES  |     | 0       |       |
> > 
> > 
> > Matt Kehler wrote:
> >  > Thanks Glenn.  I know they are a different color, and I know they show
> >  > at the top right when looking at the current (daily) stats.  But what
> >  > I'm looking for is 'in the month of December, XXXX emails were blocked
> >  > due to file attachment'.   Better yet, since we service multiple domain
> >  > names, add '  .....blocked due to file attachment when destined for
> >  > abc123.com '
> >  > 
> >  > I assume I will have to do my own custom report for that?  Even when
> >  > filtering for December; it will show emails/spam/virus per day, per
> >  > month, etc..but it doesn't seem that blocked are included.  Unless I'm
> >  > crazy (which very well could be :)
> >  > 
> >  > Matt
> >  >
> >  >  >>> Glenn.Steen at AP1.SE 01/05/05 05:10PM >>>
> >  > As replied on the other list.... Red for blocked content, pink for spam
> >  > (darker for High Scoring)... You'll note the difference:-). As I said,
> >  > even a severely colorblind person like me has no problem with that:-).
> >  >
> >  > If you like to have reports on each type, you'll just have to select a
> >  > relevant subset of limits. Again, it's pretty straightforward.
> >  >
> >  > -- Glenn
> >  >
> >  >
> >  > -----Original Message-----
> >  > From:   MailScanner mailing list on behalf of Matt Kehler
> >  > Sent:   on 2005-01-05 20:04
> >  > To:     MAILSCANNER at JISCMAIL.AC.UK
> >  > Cc:  
> >  > Subject:        Mailwatch question
> >  > I know it's a MailWatch question, but it seems as though there's a lot
> >  > more MW users on this list than the actual MW list itself...so... :)
> >  >
> >  > If you have MS configured to block emails based on extension (such as
> >  > .pif's for example), do those blocked emails show in the MailWatch
> >  > 'spam' statistics, or do they not show at all?   Is there a way to
> >  > differentiate the emails blocked due to file extension from the emails
> >  > blocked due to spam?  Our management wants to know how much MailScanner
> >  > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc)
> >  > as opposed to stuff that we manually configure  (ie, the file extensions
> >  > that we block regardless of infection or spam)
> >  >
> >  > thx
> >  >
> >  > Matt
> >  >
> >  >
> >  >
> >  >
> >  > This email and/or any documents in this transmission is intended for the
> >  > addressee(s) only and may contain legally privileged or confidential
> >  > information.  Any unauthorized use, disclosure, distribution, copying or
> >  > dissemination is strictly prohibited.  If you receive this transmission in
> >  > error, please notify the sender immediately and return the original.
> >  >
> >  >
> >  > ------------------------ MailScanner list ------------------------
> >  > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >  > 'leave mailscanner' in the body of the email.
> >  > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >  > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >  >
> >  > Support MailScanner development - buy the book off the website!
> >  >
> > 
> > -- 
> >       _____
> >      / ___/___       | Bill Huff, CISSP - Director of Technology
> >     / /__  __/       | Voice: (512) 263-0770 x 262
> >    / /__/ /          |   Fax: (512) 263-8921
> >    \___/ /ollective  |  Cell: (512) 630-5424
> >        \/echnologies | --[ http://www.colltech.com ] --
> > 

More information about the MailScanner mailing list
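
The custom report discussed in the thread (messages blocked per month and per destination domain, split by reason), as an added example that is not part of the original messages. It runs against an in-memory SQLite table with constructed rows; the flag columns come from the 'describe' excerpt quoted above, while the `date` and `to_domain` column names are assumptions not shown on the page. The SELECT uses only a date-range predicate and `SUM(CASE ...)`, so it can be run unchanged on MySQL.

```python
import sqlite3

# Flag columns are from the 'describe' output quoted in the thread.
# ASSUMPTION: `date` and `to_domain` are not shown on the page.
SCHEMA = """CREATE TABLE maillog (
    date TEXT, to_domain TEXT,
    isspam INTEGER DEFAULT 0, ishighspam INTEGER DEFAULT 0,
    virusinfected INTEGER DEFAULT 0, nameinfected INTEGER DEFAULT 0,
    otherinfected INTEGER DEFAULT 0)"""

# Constructed rows: (date, to_domain, isspam, ishighspam, virus, name, other)
SAMPLE = [
    ("2004-12-01", "abc123.com", 1, 0, 0, 0, 0),
    ("2004-12-02", "abc123.com", 0, 0, 0, 1, 0),   # blocked attachment name
    ("2004-12-02", "abc123.com", 0, 0, 1, 1, 0),   # virus that also hit a name rule
    ("2004-12-15", "example.org", 0, 0, 0, 1, 0),
    ("2004-12-20", "example.org", 0, 0, 0, 0, 1),  # e.g. an IFrame
    ("2004-12-31", "example.org", 1, 1, 0, 0, 0),
    ("2005-01-01", "abc123.com", 0, 0, 0, 1, 0),   # outside the reporting month
]

# name_only counts messages stopped solely by the site's own attachment
# rules, so they are not double-counted with virus or spam hits.
REPORT = """
SELECT to_domain,
       COUNT(*)            AS total,
       SUM(isspam)         AS spam,
       SUM(virusinfected)  AS virus,
       SUM(nameinfected)   AS name_blocked,
       SUM(otherinfected)  AS other_blocked,
       SUM(CASE WHEN nameinfected = 1 AND virusinfected = 0 AND isspam = 0
                THEN 1 ELSE 0 END) AS name_only
FROM maillog
WHERE date >= ? AND date < ?
GROUP BY to_domain
ORDER BY to_domain"""

def monthly_report(conn, first_day, first_day_next_month):
    """Per-domain counts for the half-open range [first_day, next month)."""
    return conn.execute(REPORT, (first_day, first_day_next_month)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?,?,?,?,?,?,?)", SAMPLE)
    return monthly_report(conn, "2004-12-01", "2005-01-01")

if __name__ == "__main__":
    for row in demo():
        print(row)
```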