Mailwatch question
Steen, Glenn
Glenn.Steen at AP1.SE
Fri Jan 7 09:15:19 GMT 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
otherinfected == non-content, non-virus... Iframes etc that MS
detects by itself.
nameinfected is what Matt is after... In the MW report interface
called "contained an Unacceptable Attachment".
-- Glenn
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Bill Huff
> Sent: den 6 januari 2005 19:19
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Mailwatch question
>
>
> I am pretty sure that nameinfected means that a rule in
> filename.rules hit and
> otherinfected means that a rule in filetype.rules hit.
>
> --
> Bill
>
>
> Matt Kehler wrote:
> > Thanks Bill. I'll try to add 'nameinfected' (I believe
> thats what the
> > blocked is) to the daily and monthly reports. When it
> comes to stuff
> > like this I"m lost, so I may be emailing you soon enough :)
> >
> > thanks!
> > Matt
> >
> > >>> bhuff at COLLTECH.COM 01/06/05 09:02AM >>>
> > Matt, mailwatch does indeed capture the difference, however
> there is not a
> > 'provided' interface to view it. It is all in the DB
> however, and a custom
> > report is trivial to create based on the way that the mailwatch
> > reporting system
> > is designed.
> >
> > In your mailwatch database is a table called maillog. In
> the maillog table
> > there are columns to track if a given message is spam, if
> it is high
> > scoring
> > spam, if it is virus infected or if it was name or content infected.
> >
> > Here is a 'describe' of the columns that I am referring
> too. You can
> > see that
> > you have a very full set of information that is being
> tracked. It would be
> > trivial to create a report like you are asking for, the
> data is all there.
> >
> > If you would like some help, contact me off list and I will
> give you a hand.
> >
> > --
> > Bill
> >
> > | isspam | tinyint(1) | YES | | 0 | |
> > | ishighspam | tinyint(1) | YES | | 0 | |
> > | issaspam | tinyint(1) | YES | | 0 | |
> > | isrblspam | tinyint(1) | YES | | 0 | |
> > | spamwhitelisted | tinyint(1) | YES | | 0 | |
> > | spamblacklisted | tinyint(1) | YES | | 0 | |
> > | sascore | decimal(7,2) | YES | | 0.00 | |
> > | spamreport | text | YES | | NULL | |
> > | virusinfected | tinyint(1) | YES | | 0 | |
> > | nameinfected | tinyint(1) | YES | | 0 | |
> > | otherinfected | tinyint(1) | YES | | 0 | |
> >
> >
> > Matt Kehler wrote:
> > > Thanks Glenn. I know they are a different color, and I
> know they show
> > > at the top right when looking at the current (daily)
> stats. But what
> > > I"m looking for is 'in the month of December, XXXX
> emails were blocked
> > > due to file attachment'. Better yet, since we service
> multiple domain
> > > names, add ' .....blocked due to file attachment when
> destined for
> > > abc123.com '
> > >
> > > I assume I will have to do my own custom report for
> that? Even when
> > > filtering for December; it will show emails/spam/virus
> per day, per
> > > month, etc..but it doesn't seem that blocked are
> included. Unless I'm
> > > crazy (which very well could be :)
> > >
> > > Matt
> > >
> > > >>> Glenn.Steen at AP1.SE 01/05/05 05:10PM >>>
> > > As replied on theother list.... Red for blocked content,
> pink for spam
> > > (darker for High Scoring)... You'll note the
> difference:-). As I said,
> > > even a severely colorblind person like me have no
> problem with that:-).
> > >
> > > If you like to have reports on each type, you'll just
> have to select a
> > > relevant subset of limits. Again, it's pretty straightforward.
> > >
> > > -- Glenn
> > >
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list on behalf of Matt Kehler
> > > Sent: on 2005-01-05 20:04
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Cc:
> > > Subject: Mailwatch question
> > > I know its a MailWatch question, but it seems as though
> theres a lot
> > > more MW users on this list than the actual MW list
> itself...so... :)
> > >
> > >
> > >
> > > If you have MS configured to block emails based on
> extension (such as
> > > ..pif's for example), do those blocked emails show in
> the MailWatch
> > > 'spam' statistics, or do they not show at all? Is
> there a way to
> > > differentiate the emails blocked due to file extension
> from the emails
> > > blocked due to spam? Our management wants to know how
> much MailScanner
> > > is blocking due to 'itself' (ie, spam heuristics, virus
> scanning, etc)
> > > as opposed to stuff that we manually configure (ie, the
> file extensions
> > > that we block regardless of infection or spam)
> > >
> > >
> > >
> > > thx
> > >
> > > Matt
> > >
> > >
> > >
> > >
> > > This email and/or any documents in this transmission is
> intended for the
> > > addressee(s) only and may contain legally privileged or
> confidential
> > > information. Any unauthorized use, disclosure,
> distribution, copying or
> > > dissemination is strictly prohibited. If you receive this
> > transmission in
> > > error, please notify the sender immediately and return
> the original.
> > >
> > > Ce courriel et tout document dans cette transmission est
> destiné à la
> > > personne
> > > ou aux personnes à qui il est adressé. Il peut contenir
> des informations
> > > privilégiées ou confidentielles. Toute utilisation, divulgation,
> > > distribution,
> > > copie, ou diffusion non autorisée est strictement
> défendue. Si vous
> > > n'êtes pas
> > > le destinataire de ce message, veuillez en informer l'expéditeur
> > > immédiatement
> > > et lui remettre l'original.
> > >
> > > ------------------------ MailScanner list
> ------------------------
> > > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
> > > ------------------------ MailScanner list
> ------------------------
> > > To unsubscribe, email jiscmail at jiscmail.ac..uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the MAQ
> (http://www.mailscanner.biz/maq/) and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> > > This email and/or any documents in this transmission is
> intended for the
> > > addressee(s) only and may contain legally privileged or
> confidential
> > > information. Any unauthorized use, disclosure,
> distribution, copying or
> > > dissemination is strictly prohibited. If you receive
> this transmission
> > > in error, please notify the sender immediately and
> return the original.
> > > Ce courriel et tout document dans cette transmission est
> destiné à la
> > > personne ou aux personnes à qui il est adressé. Il peut
> contenir des
> > > informations privilégiées ou confidentielles. Toute utilisation,
> > > divulgation, distribution, copie, ou diffusion non autorisée est
> > > strictement défendue. Si vous n'êtes pas le destinataire
> de ce message,
> > > veuillez en informer l'expéditeur immédiatement et lui remettre
> > > l'original. ------------------------ MailScanner list
> > > ------------------------
> > > To unsubscribe, email jiscmail at jiscmail.ac..uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> > > and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > *Support MailScanner development - buy the book off the website!*
> >
> > --
> > _____
> > / ___/___ | Bill Huff, CISSP - Director of Technology
> > / /__ __/ | Voice: (512) 263-0770 x 262
> > / /__/ / | Fax: (512) 263-8921
> > \___/ /ollective | Cell: (512) 630-5424
> > \/echnologies | --[ http://www.colltech.com
> > <http://www.colltech.com/> ] --
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> > This email and/or any documents in this transmission is
> intended for the
> > addressee(s) only and may contain legally privileged or
> confidential
> > information. Any unauthorized use, disclosure,
> distribution, copying or
> > dissemination is strictly prohibited. If you receive this
> transmission
> > in error, please notify the sender immediately and return
> the original.
> > Ce courriel et tout document dans cette transmission est
> destiné à la
> > personne ou aux personnes à qui il est adressé. Il peut
> contenir des
> > informations privilégiées ou confidentielles. Toute utilisation,
> > divulgation, distribution, copie, ou diffusion non autorisée est
> > strictement défendue. Si vous n'êtes pas le destinataire de
> ce message,
> > veuillez en informer l'expéditeur immédiatement et lui remettre
> > l'original. ------------------------ MailScanner list
> > ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > *Support MailScanner development - buy the book off the website!*
>
> --
> _____
> / ___/___ | Bill Huff, CISSP - Director of Technology
> / /__ __/ | Voice: (512) 263-0770 x 262
> / /__/ / | Fax: (512) 263-8921
> \___/ /ollective | Cell: (512) 630-5424
> \/echnologies | --[ http://www.colltech.com ] --
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list