From taz at TAZ-MANIA.COM Wed Jun 1 01:22:09 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know I will probably get flamed for this (although this seems to be a much better group about those sort of things that most of the lists I have been on). I have a couple of feature requests and I will explain why I want them as well. A third Spam level Currently I don't actually block (delete) any mail regardless of how high the Spam rating is, but would like to. Currently I use the two Spam levels as "might be Spam" and "most like is Spam" and I mark the subject differently. The first I mark with [Spam?] and the high level I mark as [**Spam**] and most of my customers filter these differently. The low level is set at a score of 3 and the high level with a score of 7. However I would like a third that I could set fairly high (say a score of 25) and set if for actual delete. I would have said a delete level except that I would want to be able to set if it mark and forward to me during some fine tuning so being able to use just a third level is best. Multiple sets of Blacklists Currently I have MailScanner set to mark any email that is on any of the blacklists as high level Spam and not to scan it with Spam Assassin if it's already on a blacklist. However some Blacklists are more trustworthy than others. I have my own DNSBL with 450,000 addresses I have collected with my honey pot and of course I find mine very reliable, there's a virus blacklist and there're others... While some of them are not so accurate or don't have a good way for fixed servers to get off of them. I would like to have one set of blacklists that I can set to work where you can assign what Spam level is set if the email is found on one or more of the blacklists and one set to actually delete if listed. Also an API that allows me to write my own filter system that is called by MailScanner similar to the way SpamAssassin is where I can examine all the information in the email and come back with a score. In MailScanner it would have the ability to define my module and where in the list of modules (anti-virus, SA, etc...) it's used and if it gets a high value whether or not to continue with the rest of the modules. Thanks for listening -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From max at KIPNESS.COM Wed Jun 1 07:46:24 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:51 2006 Subject: Spam messages processesed several times! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I have the latest version of MailScanner and Spamassassin. Everything was running fine until this morning. The only modifications I can think of that were done, were the addition/installation of Razor2 and Pyzor, in addition to DCC that I was already running. Well, this morning I started noticing that there was always 150 ^Ö 300 messages waiting to be processed. This with a new server with dual Pentium 4 3Ghz processors. Normally I process around 8000 to 10000 spam messages a day, but when grepping maillog with the count parameter, I got 57,000! Well it seems that each spam message is being processed several times, some as many as 83 times. The log will show message XXXXX from IP xxxx is spam^Å.actions are store^Å.and then it will start the process for the same message over and over again, or around 60 -80 times. Anybody ever heard of this? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 08:20:33 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:51 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Few have responded that it is ok to have a high load average. However, if I can tune it well and good. hence I am still responding to few emails. # uptime 12:47:07 up 9 days, 1:11, 4 users, load average: 5.60, 5.36, 4.82 > > > Use # vmstat 2 and show us a few lines (abort with ctrl-C) > # vmstat 2 procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 6 1 1 250776 76424 81608 52148 2 8 33 48 34 49 41 9 50 4 0 0 250776 81848 81608 52252 0 0 0 36 137 90 79 21 0 3 0 1 250776 62960 81628 57144 0 0 0 3414 182 198 55 20 25 3 0 0 250776 68504 81628 61968 0 0 0 72 152 134 85 15 0 4 0 0 250776 72220 81644 52384 0 0 0 94 183 175 90 10 0 2 1 1 250776 74884 81660 52348 0 0 0 468 203 263 63 18 19 0 2 1 250776 85172 81660 51900 0 0 0 698 230 368 37 13 50 4 0 0 250776 60812 81676 51764 0 0 0 534 222 299 60 18 22 > > He meant the sar reports. In redhat, see the /var/log/sa/sar* reports. > Sorry 'sar' reports are long.. # sar Linux 2.4.20-8 (blr.indiainfo.com) 06/01/2005 12:00:00 AM CPU %user %nice %system %idle 12:10:00 AM all 44.27 0.00 8.05 47.68 12:20:00 AM all 41.78 0.00 7.91 50.31 12:30:00 AM all 33.36 0.00 6.75 59.88 12:40:00 AM all 36.25 0.00 7.68 56.07 12:50:00 AM all 27.85 0.00 5.50 66.66 01:00:00 AM all 21.97 0.00 4.59 73.44 01:10:00 AM all 21.29 0.00 4.56 74.15 01:20:00 AM all 23.50 0.00 5.07 71.43 01:30:00 AM all 37.07 0.00 8.09 54.84 01:40:00 AM all 30.92 0.00 6.52 62.56 01:50:01 AM all 30.89 0.00 6.65 62.46 02:00:00 AM all 24.33 0.00 5.38 70.29 02:10:00 AM all 18.49 0.00 4.02 77.49 02:20:00 AM all 11.42 0.00 2.70 85.88 02:30:00 AM all 24.87 0.00 5.30 69.83 02:40:00 AM all 23.29 0.00 4.91 71.80 02:50:01 AM all 21.60 0.00 4.65 73.75 03:00:01 AM all 20.81 0.00 4.30 74.89 03:10:01 AM all 29.00 0.00 6.95 64.04 03:20:00 AM all 22.61 0.00 5.10 72.29 03:30:01 AM all 25.95 0.00 5.46 68.59 03:40:00 AM all 24.88 0.00 5.19 69.93 03:50:00 AM all 20.33 0.00 4.30 75.37 04:00:01 AM all 24.42 0.00 5.49 70.09 04:10:00 AM all 34.99 0.62 7.06 57.33 04:20:01 AM all 41.36 0.00 6.97 51.66 04:30:00 AM all 33.78 0.00 6.89 59.33 04:40:00 AM all 16.21 0.00 3.19 80.60 04:50:01 AM all 28.65 0.00 6.03 65.32 05:00:02 AM all 26.84 0.00 6.08 67.08 05:10:00 AM all 36.24 0.00 7.92 55.85 05:10:00 AM CPU %user %nice %system %idle 05:20:00 AM all 34.42 0.00 7.57 58.00 05:30:00 AM all 18.30 0.00 3.73 77.97 05:40:00 AM all 43.64 0.00 29.20 27.16 05:50:00 AM all 24.83 0.00 5.33 69.84 06:00:00 AM all 37.96 0.00 8.08 53.96 06:10:01 AM all 24.40 0.00 5.18 70.42 06:20:00 AM all 24.40 0.00 5.10 70.50 06:30:00 AM all 13.58 0.00 2.95 83.47 06:40:00 AM all 26.78 0.00 5.87 67.35 06:50:00 AM all 17.74 0.00 3.84 78.42 07:00:00 AM all 29.28 0.00 6.41 64.31 07:10:00 AM all 25.47 0.00 5.68 68.85 07:20:00 AM all 25.85 0.00 5.60 68.55 07:30:00 AM all 23.74 0.00 5.15 71.10 07:40:00 AM all 30.75 0.00 6.95 62.30 07:50:00 AM all 25.09 0.00 5.30 69.61 08:00:00 AM all 29.71 0.00 6.40 63.89 08:10:00 AM all 33.93 0.00 7.31 58.76 08:20:04 AM all 30.77 0.00 6.63 62.60 08:30:00 AM all 44.02 0.00 8.73 47.25 08:40:00 AM all 28.61 0.00 5.86 65.53 08:50:02 AM all 68.04 0.00 15.31 16.64 09:00:01 AM all 42.14 0.00 9.23 48.64 09:10:00 AM all 38.86 0.00 8.50 52.64 09:20:00 AM all 37.91 0.00 8.49 53.60 09:30:01 AM all 35.33 0.00 7.03 57.64 09:40:00 AM all 49.49 0.00 9.77 40.74 09:50:05 AM all 50.47 0.00 11.33 38.20 10:00:02 AM all 74.45 0.00 14.26 11.29 10:10:00 AM all 55.51 0.00 13.32 31.17 10:20:00 AM all 43.54 0.00 9.70 46.75 10:20:00 AM CPU %user %nice %system %idle 10:30:04 AM all 58.38 0.00 12.74 28.88 10:40:00 AM all 65.95 0.00 14.47 19.58 10:50:06 AM all 60.78 0.00 13.73 25.49 11:00:01 AM all 59.00 0.00 13.81 27.20 11:10:02 AM all 68.89 0.00 15.40 15.70 11:20:03 AM all 68.24 0.00 15.42 16.33 11:30:02 AM all 54.82 0.00 12.43 32.76 11:40:02 AM all 68.41 0.00 15.97 15.62 11:50:00 AM all 71.70 0.00 17.67 10.63 12:00:03 PM all 71.93 0.00 15.30 12.77 12:10:00 PM all 59.47 0.00 13.42 27.11 12:20:04 PM all 69.99 0.00 16.62 13.39 12:30:00 PM all 68.04 0.00 15.51 16.45 12:40:03 PM all 66.36 0.00 15.39 18.26 Average: all 37.63 0.01 8.43 53.92 -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ius at ALPHA.RBRANA.CO.ID Wed Jun 1 08:21:16 2005 From: ius at ALPHA.RBRANA.CO.ID (ius) Date: Thu Jan 12 21:29:51 2006 Subject: sa-learn Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, i'm trying to train the bayes with spam and ham. The spam was successful, but the ham showed some errors (i think) : [root@alpha mail]# sa-learn --showdots --mbox --spam spam ........................................................................................ Learned from 87 message(s) (88 message(s) examined). [root@alpha mail]# sa-learn --showdots --mbox --ham archive .....Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .........................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. ..................................................................................................................................................................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .....................................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .......................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. ................................................................................... Learned from 508 message(s) (527 message(s) examined). [root@alpha mail]# anybody has seen these errors before ? Thanks ius ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 08:32:49 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Once again, we get the "Please contact the authors" message : May 31 23:00:57 MailScanner[4885]: ISR-form-v1.0/ May 31 23:00:57 MailScanner[4885]: ProcessClamAVOutput: unrecognised line "ISR-form-v1.0/". Please contact the authors! We are using MS 4-41-3. Does this mean we should go to the latest release ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 08:55:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Huh? Message-ID: Fixed. I comment in the file that I forgot to remove. On 31 May 2005, at 23:14, Kevin Miller wrote: > Implemented phishing detection and it works a treat but > whitelisting wasn't > working. Reread the comments in the .conf file and lines 12-13 say > I can > use wildcards, while 19-20 say I can't. What's up w/that? > > I removed the wildcards from my entries but won't know if it worked > until I > get a new newsletter, probably next week... > > > #12 You can also use wildcards, so you can list *.bank.com instead of > #13 listing multiple web servers individually. Use with care. > #14 > ... > #18 > #19 Note: Do not add any form of wildcard, regular expression or > anything > #20 other than a fully qualified hostname to this file. It > won't work. > #21 > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:07:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: On 1 Jun 2005, at 01:22, Dennis Willson wrote: > I know I will probably get flamed for this (although this seems to > be a much better group about those sort of things that most of the > lists I have been on). > > I have a couple of feature requests and I will explain why I want > them as well. > > A third Spam level > Currently I don't actually block (delete) any mail regardless > of how high the Spam rating is, but would like to. Currently I use > the two Spam levels as "might be Spam" and "most like is Spam" and > I mark the subject differently. The first I mark with [Spam?] and > the high level I mark as [**Spam**] and most of my customers filter > these differently. The low level is set at a score of 3 and the > high level with a score of 7. However I would like a third that I > could set fairly high (say a score of 25) and set if for actual > delete. I would have said a delete level except that I would want > to be able to set if it mark and forward to me during some fine > tuning so being able to use just a third level is best. However many levels I provide, people always ask for another one :-) This is pretty easy to implement with a Custom Function. > Multiple sets of Blacklists > Currently I have MailScanner set to mark any email that is on > any of the blacklists as high level Spam and not to scan it with > Spam Assassin if it's already on a blacklist. However some > Blacklists are more trustworthy than others. I have my own DNSBL > with 450,000 addresses I have collected with my honey pot and of > course I find mine very reliable, there's a virus blacklist and > there're others... While some of them are not so accurate or don't > have a good way for fixed servers to get off of them. I would like > to have one set of blacklists that I can set to work where you can > assign what Spam level is set if the email is found on one or more > of the blacklists and one set to actually delete if listed. If you effectively want to score blacklists, then do it in SpamAssassin, that provides a system to do all this. > Also an API that allows me to write my own filter system that is > called by MailScanner similar to the way SpamAssassin is where I > can examine all the information in the email and come back with a > score. In MailScanner it would have the ability to define my module > and where in the list of modules (anti-virus, SA, etc...) it's used > and if it gets a high value whether or not to continue with the > rest of the modules. There is a generic virus scanner module, but not a generic spam scanner module. I will take a look at this one. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:09:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Spam messages processesed several times! Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What version of MailScanner are you running? Sorry, you already answered that. Also please put MailScanner into debug mode and run check_mailscanner. That should tell you why it is dying. On 1 Jun 2005, at 07:46, Max Kipness wrote: > Hello, > > > > I have the latest version of MailScanner and Spamassassin. > > > > Everything was running fine until this morning. The only > modifications I > can think of that were done, were the addition/installation of > Razor2 and > Pyzor, in addition to DCC that I was already running. > > > > Well, this morning I started noticing that there was always 150 ^Ö 300 > messages waiting to be processed. This with a new server with dual > Pentium > 4 3Ghz processors. Normally I process around 8000 to 10000 spam > messages a > day, but when grepping maillog with the count parameter, I got 57,000! > Well it seems that each spam message is being processed several times, > some as many as 83 times. The log will show message XXXXX from IP > xxxx is > spam^Å.actions are store^Å.and then it will start the process for the > same > message over and over again, or around 60 -80 times. > > > > Anybody ever heard of this? > > > > Thanks, > > Max > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:10:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: No, you can probably safely ignore the warnings. I would be interested to see the message though, so I can fix the parser. On 1 Jun 2005, at 08:32, Nestor Burma wrote: > Hello, > > Once again, we get the "Please contact the authors" > message : > > May 31 23:00:57 MailScanner[4885]: ISR-form-v1.0/ > May 31 23:00:57 MailScanner[4885]: > ProcessClamAVOutput: unrecognised line > "ISR-form-v1.0/". Please contact the authors! > > We are using MS 4-41-3. Does this mean we should go to > the latest release ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 09:10:07 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi, MailScanner-4.41.3 I have got the following error twice in my logs. May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , MIME::Parser: can't flush: No space left on device at /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, line 24. I understand that it is telling me that the device it is trying to flush to is too full. What I can't work out is which device as the partition that is /var has at least 3Gb free space at the moment. Is this trying to flush to a temp file on /tmp? As I could understand that getting too full. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I haven't lost my mind...I sold it on eBay!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Jun 1 09:12:19 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: > > > There is a generic virus scanner module, but not a generic spam scanner > module. I will take a look at this one. > Maybe make it generic enough so that I can plugin DSPAM and CRM114 right there? :) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu donna ni munega itakutemo soba ni iru no zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCnW3jPMoaMn4kKR4RA6D4AJoDs507DV5YshufQ7c5e5tNC66kjACeKWlG 67ynlaDFN29HYMtsSyip6VI= =8vku -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:21:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: cd /var/spool/MailScanner/incoming df -k . df -i . On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > Hi, > > MailScanner-4.41.3 > > I have got the following error twice in my logs. > > May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot > parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and > , MIME::Parser: can't flush: No space left on device at > /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > line 24. > > I understand that it is telling me that the device it is trying to > flush to is too full. What I can't work out is which device as the > partition that is /var has at least 3Gb free space at the moment. > > Is this trying to flush to a temp file on /tmp? As I could > understand that getting too full. > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "I haven't lost my mind...I sold it on eBay!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 09:18:21 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner/SpamAssassin timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, --- No Name a écrit : > The problem crops up after the MS initiated SA bayes > database > rebuild. As long as the bayes_auto_expire feature is > enabled in SA > configuration and disabled in MS there isn't any > problem. If I > disable auto expiring in SA (bayes_auto_expire 0) > and enable it in MS > (Rebuild Bayes Every = 28800) I get some SA > timeouts, but only from > the MS process which did the bayes database rebuild > and only for some > batches. If I TERM this process the timeout problem > is gone. The > problem also disappears after the periodically > restart of this > process, but if I do not kill the suspicious MS > process it disables > SA network checks and later SA local checks and I > get some spam > unchecked through. The other MS processes do not > show any problem > during these timeouts. Just for the record, we have drawn the same conclusion to explain our "SpamAssassin : Erreur de temporisation" (meaning timeout, french speaking around here) problems. Only the bayes-rebuilder process seems to suffer from them. Any way out to solve this problem (we have temporarily configured out bayes rebuilding by MS, but would like to get it back whenever possible). Tia, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 09:21:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:51 2006 Subject: System load is very high because of MailScanner Message-ID: BG Mahesh wrote: > Few have responded that it is ok to have a high load average. > However, if I can tune it well and good. hence I am still responding > to few emails. > (snipped stats that show a somewhat high load... But the sar and vmstat show nothing special) > > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ Count the processes in state D (non-interruptible wait state). I'm sure you'll see that it is this that is "artificially pushing the load upward" (each will add 1 to the load average). Unless you see large MS batches (in the maillog), your system seems to be chugging along nicely. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:21:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Steve getting a lot of mytob.cp here - ClamAV not picking up the zip files for some reason, but Sophos is catching them fine. Something to look this morning as to why clamav is not detecting the zip varient.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stephen Swaney wrote: > We're seeing two systems in the UK getting hammered by the Worm.Zafi.B > virus. All of the infections are from the same system so it's not too hard > to block. > > The symptom is that there are so many viruses being detected that mail > starts quickly backing up on the infected system. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 09:19:33 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, --- Julian Field a écrit: > No, you can probably safely ignore the warnings. I > would be interested to see the message though, so I > can fix the parser. Which message ? The one from ClamAv ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jun 1 09:28:20 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Hi! > getting a lot of mytob.cp here - ClamAV not picking up the zip files for some > reason, but Sophos is catching them fine. > > Something to look this morning as to why clamav is not detecting the zip > varient.. So submit the ones its not picking up at virustotal.com :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 09:37:48 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi Julian, Thanks for the response. I have already checked that, which is how I know that there is ~3Gb free space there at the moment. I guess it would be possible for enough email to arrive at one time to fill that partition, but I have never seen it happen before now. But now that you have confirmed that is defintely the area that was full during that processing run, I can keep an eye on it and look into throwing some more disk at it. Thanks. > cd /var/spool/MailScanner/incoming > df -k . > df -i . > > On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > > > Hi, > > > > MailScanner-4.41.3 > > > > I have got the following error twice in my logs. > > > > May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot > > parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header > > and , MIME::Parser: can't flush: No space left on device at > > /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > > line 24. > > > > I understand that it is telling me that the device it is trying to > > flush to is too full. What I can't work out is which device as the > > partition that is /var has at least 3Gb free space at the moment. > > > > Is this trying to flush to a temp file on /tmp? As I could > > understand that getting too full. > > > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "I haven't lost my mind...I sold it on eBay!" > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:44:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Anthony not enough inodes left???? that will have the same effect.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anthony Peacock wrote: > Hi Julian, > > Thanks for the response. I have already checked that, which is how I > know that there is ~3Gb free space there at the moment. > > I guess it would be possible for enough email to arrive at one time > to fill that partition, but I have never seen it happen before now. > > But now that you have confirmed that is defintely the area that was > full during that processing run, I can keep an eye on it and look > into throwing some more disk at it. > > Thanks. > > > >>cd /var/spool/MailScanner/incoming >>df -k . >>df -i . >> >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: >> >> >>>Hi, >>> >>>MailScanner-4.41.3 >>> >>>I have got the following error twice in my logs. >>> >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot >>>parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header >>>and , MIME::Parser: can't flush: No space left on device at >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, >>> line 24. >>> >>>I understand that it is telling me that the device it is trying to >>>flush to is too full. What I can't work out is which device as the >>>partition that is /var has at least 3Gb free space at the moment. >>> >>>Is this trying to flush to a temp file on /tmp? As I could >>>understand that getting too full. >>> >>> >>>-- >>>Anthony Peacock >>>CHIME, Royal Free & University College Medical School >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>"I haven't lost my mind...I sold it on eBay!" >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the Wiki >>>(http://wiki.mailscanner.info/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:43:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Raymond I have - to the clamav.net's submission page... checked first with command line it wasn't picking up t he zip varient, even using the external unzip facility. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > >> getting a lot of mytob.cp here - ClamAV not picking up the zip files >> for some reason, but Sophos is catching them fine. >> >> Something to look this morning as to why clamav is not detecting the >> zip varient.. > > > So submit the ones its not picking up at virustotal.com :) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:59:33 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Raymond hmm no Sophos on that check site. Anyway only 4 of the 18 AV engines on that site found something... (etrust-vet, fortinet, Nod-32, Norman). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > >> getting a lot of mytob.cp here - ClamAV not picking up the zip files >> for some reason, but Sophos is catching them fine. >> >> Something to look this morning as to why clamav is not detecting the >> zip varient.. > > > So submit the ones its not picking up at virustotal.com :) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 10:00:55 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi all, Thanks for the info. This must have been a transient problem overnight as the partition seems fine now. For info: # cd /var/spool/MailScanner/incoming # df -F ufs -o i . Filesystem iused ifree %iused Mounted on /dev/dsk/c0t0d0s1 7066 494054 1% /var # # df -k . Filesystem kbytes used avail capacity Mounted on /dev/dsk/c0t0d0s1 4032196 954531 3037344 24% /var It doesn't look to me like last night was a particularly busy night. But now that you have confirmed that the resource problem was on that partition, it becomes a sysadmin job for me to keep an eye on and provide more resource for this area. Thankyou to everyone for your help. > Anthony > > not enough inodes left???? that will have the same effect.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anthony Peacock wrote: > > Hi Julian, > > > > Thanks for the response. I have already checked that, which is how > > I know that there is ~3Gb free space there at the moment. > > > > I guess it would be possible for enough email to arrive at one time > > to fill that partition, but I have never seen it happen before now. > > > > But now that you have confirmed that is defintely the area that was > > full during that processing run, I can keep an eye on it and look > > into throwing some more disk at it. > > > > Thanks. > > > > > > > >>cd /var/spool/MailScanner/incoming > >>df -k . > >>df -i . > >> > >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > >> > >> > >>>Hi, > >>> > >>>MailScanner-4.41.3 > >>> > >>>I have got the following error twice in my logs. > >>> > >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: > >>>Cannot parse > >>>/var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , > >>>MIME::Parser: can't flush: No space left on device at > >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > >>> line 24. > >>> > >>>I understand that it is telling me that the device it is trying to > >>>flush to is too full. What I can't work out is which device as the > >>>partition that is /var has at least 3Gb free space at the moment. > >>> > >>>Is this trying to flush to a temp file on /tmp? As I could > >>>understand that getting too full. > >>> > >>> > >>>-- > >>>Anthony Peacock > >>>CHIME, Royal Free & University College Medical School > >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > >>>"I haven't lost my mind...I sold it on eBay!" > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. Before posting, read > >>>the Wiki (http://wiki.mailscanner.info/) and the archives > >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > >>mailscanner' in the body of the email. Before posting, read the Wiki > >>(http://wiki.mailscanner.info/) and the archives > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed Jun 1 10:02:11 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, he means the original message (which barfed the parser). I had the same thing for some time. Updated my unzip (tar / unrar etc ...) and the problem went away. bye, Chris ----- Original Message ----- From: "Nestor Burma" To: Sent: Wednesday, June 01, 2005 10:19 AM Subject: Re: Need to upgrade MailScanner ? Hi Julian, --- Julian Field a écrit: > No, you can probably safely ignore the warnings. I > would be interested to see the message though, so I > can fix the parser. Which message ? The one from ClamAv ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 10:08:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable release of MailScanner. The major new features this month are - Panda support completely rewritten (thanks to Rick Cooper!). - New options to tag Subject: line of HTML mail that has been disarmed. - Can now set the number of "Spam Lists" that are hit before the message is treated as spam. - Now passes the testvirus.org "null MIME-boundary" test. You can download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory"   setting contains any links. It also corrects the path (but not in the   MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from   this version if you want Sophos to work (both the sophos and sophossavi   scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU   tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl   point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not   ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest   releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now   provide the ability to alter the Subject: line if any HTML tags in the   body of the message were disarmed (by having their "Allow .... Tags" set   to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how   many Spam Lists a message must appear in before it is considered to be   spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. - Reversed spam and disarm tags to leave spam tag at start of Subject:. * Fixes* - Fixed problem that could cause harmless header files to be left in the   temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of   zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they   check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using   virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. - Fixed typo in upgrade_MailScanner_conf. - Made significant changes to child worker process management and re-spawning,   to try to avoid problems reported by a few users with MailScanner "slowly   stopping working" over the space of several hours. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 10:31:58 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, --- Christiaan den Besten a écrit: > No, he means the original message (which barfed the > parser). I had the same thing for some time. Updated > my unzip (tar / unrar etc > ...) and the problem went away. Oh... Silly me. I'm sending it to Julian off-list (I guess it's not really interesting for anyone else). -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 10:31:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Jules Installed - running, no immedidate issues.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been disarmed. > - Can now set the number of "Spam Lists" that are hit before the message > is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info > . > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from > this version if you want Sophos to work (both the sophos and sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in the > body of the message were disarmed (by having their "Allow .... Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned mail when > using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management and > re-spawning, > to try to avoid problems reported by a few users with MailScanner "slowly > stopping working" over the space of several hours. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Wed Jun 1 10:08:15 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: > > A third Spam level > > Currently I don't actually block (delete) any mail > regardless of I would > > have said a delete level except that I would want to be > able to set if > > it mark and forward to me during some fine tuning so being > able to use > > just a third level is best. > > However many levels I provide, people always ask for another > one :-) This is pretty easy to implement with a Custom Function. > Can I add to this? :) I'd really like to have multiple MCP matches. You mention using A custom function, and if you could point me in the right direction I would happily go and see what I can see. TIA R --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 11:01:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: On 1 Jun 2005, at 10:08, Gray, Richard wrote: >>> A third Spam level >>> Currently I don't actually block (delete) any mail >>> >> regardless of >> > I would > >>> have said a delete level except that I would want to be >>> >> able to set if >> >>> it mark and forward to me during some fine tuning so being >>> >> able to use >> >>> just a third level is best. >>> >> >> However many levels I provide, people always ask for another >> one :-) This is pretty easy to implement with a Custom Function. >> >> > > > Can I add to this? :) > > I'd really like to have multiple MCP matches. You mention using > A custom function, and if you could point me in the right direction > I would happily go and see what I can see. What do you mean? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Wed Jun 1 11:11:42 2005 From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 11:31 AM MailScanner mailing list wrote: > Jules > > Installed - running, no immedidate issues.. Same here. Moreover I just released the 4.42.9 port of FreeBSD. Should be available tomorrow. Jules I will send you an updated set of man pages off channel. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Wed Jun 1 11:02:55 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:29:51 2006 Subject: Changelog Date Message-ID: I see that the date for version 4.42.9 is a month behind.   Thanx for the great product   Christo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:16:44 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 10:12 AM MailScanner mailing list wrote: > Maybe make it generic enough so that I can plugin DSPAM and CRM114 > right there? :) Nice one. Should Julian not have anything more important to do during the next month I would like to second that wish! :-) Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Wed Jun 1 11:20:09 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not sure if it should be considered a bug or now, but I thought I'd try upgrade_MailScanner_conf for a change rather than making the manual inpection, and noticed that it changed my local %variables% like %ss-report-dir% to %ssreportdir% - this meant that any of the rules files that referred to my original version would no longer work, and also that the use of these variables within the configuration file itself were unmodified, too! C:> This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:33:03 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mittwoch, 1. Juni 2005 2:22 Dennis Willson wrote: > I know I will probably get flamed for this Go away!!! Just kidding. Why should you be flamed? > (although this seems to be > a much better group about those sort of things that most of the lists > I have been on). We are doing our best. > A third Spam level As Julian pointed out you could do this via a custom function. I would suggest to raise your thresholds though and stick with two scores. Once you tune your SpamAssassin a bit you will see _very_ few false positives. In our setup low score is at 6 and high score at 15. We barely have any low scoring spam comming through and I do not even remember a high scoring spam being a false positive. > Multiple sets of Blacklists >     Currently I have MailScanner set to mark any email that is on any > of the blacklists as high level Spam and not to scan it with Spam > Assassin if it's already on a blacklist. Is your throughput that high you cannot afford to run SpamAssassin on all mails? Are you using those DNSBLs for tagging only or do you plan on deleting mail based on them? If so, let the MTA do this. Regards, JP > Also an API that allows me to write my own filter system that is > called by MailScanner similar to the way SpamAssassin is where I can > examine all the information in the email and come back with a score. > In MailScanner it would have the ability to define my module and > where in the list of modules (anti-virus, SA, etc...) it's used and > if it gets a high value whether or not to continue with the rest of > the modules. I agree with this one since it would make DSPAM plugins possible. But consider this: SpamAssassin says the mail is spam with score 6. Your filter systems says the mail is no spam. BTW: Is your filter system going to use scores or just say spam/nospam? How should MailScanner treat the mail? As spam? As ham? Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "diveflag.gif" Image/GIF 868bytes. ] [ Unable to print this part. ] From Jan-Peter.Koopmann at seceidos.de Wed Jun 1 11:36:59 2005 From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 10:10 AM MailScanner mailing list wrote: > No, you can probably safely ignore the warnings. I would be > interested to see the message though, so I can fix the parser. Let me add this one: 2005-06-01T12:34:35+0200 dns mail.info MailScanner MailScanner[61251]: Virus Scanning: McAfee found 2 infections 2005-06-01T12:34:35+0200 dns mail.info MailScanner MailScanner[61251]: UNRAR 3.40 freeware Copyright (c) 1993-2004 Alexander Roshal 2005-06-01T12:34:35+0200 dns mail.warning MailScanner MailScanner[61251]: ProcessClamAVOutput: unrecognised line \"UNRAR 3.40 freeware Copyright (c) 1993-2004 Alexander Roshal\". Please contact the authors! Obviously unrar changed its output. I am using a clamav-wrapper with external unrar. Regards, JP From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 11:39:59 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi all, This does look like a resource limitation for my machine, but I thought people might like to know some further information that I have found out. At exactly the same time that I got the original errors from MIME::Parser, I got the following as well... May 31 21:30:10 inetsrv-1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded So it does look like that part of the code uses /tmp, which is part of swap on this system, and fairly small. It looks like I might need to increase the space available to /tmp. # df -k /tmp Filesystem kbytes used avail capacity Mounted on swap 292984 392 292592 1% /tmp > Hi all, > > Thanks for the info. This must have been a transient problem > overnight as the partition seems fine now. > > For info: > > # cd /var/spool/MailScanner/incoming > # df -F ufs -o i . > Filesystem iused ifree %iused Mounted on > /dev/dsk/c0t0d0s1 7066 494054 1% /var > # > # df -k . > Filesystem kbytes used avail capacity Mounted on > /dev/dsk/c0t0d0s1 4032196 954531 3037344 24% /var > > It doesn't look to me like last night was a particularly busy night. > > But now that you have confirmed that the resource problem was on that > partition, it becomes a sysadmin job for me to keep an eye on and > provide more resource for this area. > > Thankyou to everyone for your help. > > > > Anthony > > > > not enough inodes left???? that will have the same effect.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Anthony Peacock wrote: > > > Hi Julian, > > > > > > Thanks for the response. I have already checked that, which is > > > how I know that there is ~3Gb free space there at the moment. > > > > > > I guess it would be possible for enough email to arrive at one > > > time to fill that partition, but I have never seen it happen > > > before now. > > > > > > But now that you have confirmed that is defintely the area that > > > was full during that processing run, I can keep an eye on it and > > > look into throwing some more disk at it. > > > > > > Thanks. > > > > > > > > > > > >>cd /var/spool/MailScanner/incoming > > >>df -k . > > >>df -i . > > >> > > >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > > >> > > >> > > >>>Hi, > > >>> > > >>>MailScanner-4.41.3 > > >>> > > >>>I have got the following error twice in my logs. > > >>> > > >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: > > >>>Cannot parse > > >>>/var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , > > >>>MIME::Parser: can't flush: No space left on device at > > >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > > >>> line 24. > > >>> > > >>>I understand that it is telling me that the device it is trying > > >>>to flush to is too full. What I can't work out is which device > > >>>as the partition that is /var has at least 3Gb free space at the > > >>>moment. > > >>> > > >>>Is this trying to flush to a temp file on /tmp? As I could > > >>>understand that getting too full. > > >>> > > >>> > > >>>-- > > >>>Anthony Peacock > > >>>CHIME, Royal Free & University College Medical School > > >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > >>>"I haven't lost my mind...I sold it on eBay!" > > >>> > > >>>------------------------ MailScanner list > > >>>------------------------ To unsubscribe, email > > >>>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in > > >>>the body of the email. Before posting, read the Wiki > > >>>(http://wiki.mailscanner.info/) and the archives > > >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>> > > >>>Support MailScanner development - buy the book off the website! > > >>> > > >>> > > >> > > >>-- > > >>Julian Field > > >>www.MailScanner.info > > >>Buy the MailScanner book at www.MailScanner.info/store > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> > > >>------------------------ MailScanner list ------------------------ > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>'leave mailscanner' in the body of the email. Before posting, read > > >>the Wiki (http://wiki.mailscanner.info/) and the archives > > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> > > >>Support MailScanner development - buy the book off the website! > > >> > > > > > > > > > > > > > ******************************************************************** > > ** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please > > notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ******************************************************************** > > ** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > All sweeping generalisations are false. > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:50:58 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks JP. Nice quick respons on keeping the FreeBSD port up to date. :-) Adri. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: 4.42.9 released > > > On Wednesday, June 01, 2005 11:31 AM MailScanner mailing list wrote: > > > Jules > > > > Installed - running, no immedidate issues.. > > Same here. Moreover I just released the 4.42.9 port of > FreeBSD. Should be available tomorrow. Jules I will send you > an updated set of man pages off channel. > > Regards, > JP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:52:49 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 12:51 PM MailScanner mailing list wrote: > Thanks JP. > > Nice quick respons on keeping the FreeBSD port up to date. :-) It took me weeks the last times so I figured this might be a way to make up for it! :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:52:05 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Feature Requests > > > On Wednesday, June 01, 2005 10:12 AM MailScanner mailing list wrote: > > > Maybe make it generic enough so that I can plugin DSPAM and CRM114 > > right there? :) > > Nice one. Should Julian not have anything more important to > do during the next month I would like to second that wish! :-) > > Regards, > JP May I give it the third approval? Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:56:12 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: 4.42.9 released > > > On Wednesday, June 01, 2005 12:51 PM MailScanner mailing list wrote: > > > Thanks JP. > > > > Nice quick respons on keeping the FreeBSD port up to date. :-) > > It took me weeks the last times so I figured this might be a > way to make up for it! :-) Much appreciated, since I prefer to wait for the new MailScanner port to become available and use portupgrade to do everything automagically.. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jun 1 12:18:52 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:52 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Hi! > hmm no Sophos on that check site. > > Anyway only 4 of the 18 AV engines on that site found something... > (etrust-vet, fortinet, Nod-32, Norman). >> >> So submit the ones its not picking up at virustotal.com :) Virus total submits them by the ones that didnt fint it, so i guess clam will pick it up asap. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 12:19:35 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:52 2006 Subject: FreeBSD port Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Much appreciated, since I prefer to wait for the new > MailScanner port to become available and use portupgrade to > do everything automagically.. BTW: I changed the port so that all archivers supported by clamav are now mandatory and automatically installed. Moreover clamav-wrapper is patched accordingly. Therefore a make renew-wrapper will give you that support now automatically. I just hope most people agree.. :-) Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 12:24:20 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: FreeBSD port Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 13:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: FreeBSD port > > > > Much appreciated, since I prefer to wait for the new > > MailScanner port to become available and use portupgrade to > > do everything automagically.. > > BTW: I changed the port so that all archivers supported by > clamav are now mandatory and automatically installed. > Moreover clamav-wrapper is patched accordingly. Therefore a > > make renew-wrapper > > will give you that support now automatically. I just hope > most people agree.. :-) > > Regards, > JP JP, Thanks... I'll check for the port availability tomorrow and do a renew-wrapper manually afterwards. I'm currently using clamav-module, so it'll probably not do anything for me. I'll let you know if I detect any problems. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Wed Jun 1 12:54:52 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: I cleaned up my perl-installation today, but where's still the old Problem after 4 hours the mailscanner children dying of old age after receiving a last mail. New childs are created, but doesn't seem to be recognized by the Mailscanner correctly. Does the 4.42.9-version includes some changes to this behavior from 4.42.8 ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 12:55:50 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The following line never gets updated when I use upgrade_MailScanner_conf command MailScanner Version Number = 4.36.1 I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value ----- Original Message ----- From: "Julian Field" To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: 4.42.9 released Date: Wed, 1 Jun 2005 10:08:19 +0100 > > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been disarmed. > - Can now set the number of "Spam Lists" that are hit before the > message is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from > this version if you want Sophos to work (both the sophos and sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in the > body of the message were disarmed (by having their "Allow .... Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned mail when using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management and > re- spawning, > to try to avoid problems reported by a few users with MailScanner "slowly > stopping working" over the space of several hours. > > -- Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 14:25:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Definite bug.Please try the attached version of upgrade_MailScanner_conf and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Application/OCTET-STREAM (Name: ] [ "upgrade_MailScanner_conf") 8.6KB. ] [ Unable to print this part. ] [ Part 2.3: "Attached Text" ] [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1 Jun 2005, at 11:20, Chuck Foster wrote: Not sure if it should be considered a bug or now, but I thought I'd try upgrade_MailScanner_conf for a change rather than making the manual inpection, and noticed that it changed my local %variables% like %ss-report-dir% to %ssreportdir% - this meant that any of the rules files that referred to my original version would no longer work, and also that the use of these variables within the configuration file itself were unmodified, too!   --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 14:29:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: On 1 Jun 2005, at 12:54, Dirk Rieger wrote: > I cleaned up my perl-installation today, but where's still the old > Problem > after 4 hours the mailscanner children dying of old age after > receiving a > last mail. > New childs are created, but doesn't seem to be recognized by the > Mailscanner > correctly. > > Does the 4.42.9-version includes some changes to this behavior from > 4.42.8 ? Can't remember. Please confirm the problem still exists with 4.42.9. Though I still cannot recreate it, so don't hold your breath waiting for a fix. Sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 14:19:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > BG Mahesh wrote: > >>Few have responded that it is ok to have a high load average. >>However, if I can tune it well and good. hence I am still responding >>to few emails. >> > > (snipped stats that show a somewhat high load... But the sar and vmstat > show nothing special) > >> >>-- >>B.G. Mahesh >>bg.mahesh@indiainfo.com >>http://www.indiainfo.com/ > > > Count the processes in state D (non-interruptible wait state). I'm > sure you'll see that it is this that is "artificially pushing the load > upward" (each will add 1 to the load average). > > Unless you see large MS batches (in the maillog), your system seems to > be chugging along nicely. > Ugo draws the same conclusion. How many child process do you have configured? > -- Glenn > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Jun 1 14:35:44 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:52 2006 Subject: (exim) retry timeout exceeded - config problem? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [sent to the exim list as well - thought someone here might be able to help] Here is my situation. Using exim 4.34 built from freebsd-ports to do antivirus/antispam scanning (via MailScanner, of course :)) and sending all scanned mail to back-end mailhub via smart_route (manualroute). Anyway, this all works great when the mailhub that the mail is routed to is up and working. However, if that machine refuses connections on port 25 for whatever reason (or is just down completely), messages are not being queued up for the proper amount of time and are timing out immediately. My retry config (from configure_outgoing): # Domain Error Retries # ------ ----- ------- * * F,2d,1s; F,4d,6h I call exim two ways: /usr/local/sbin/exim -C /usr/local/etc/exim/configure_incoming -bd (exim-4.34-0) (for incoming messages) and: /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing -qff (exim-4.34-0) (to process the queue) Example from the mainlog: 2005-05-31 15:10:09 1DdD3x-0004pr-KN <= susanc@yahoo.com H=(yahoo.com) [207.104.211.110] P=esmtp S=17709 id=3246B18F59C6184EA13492A2E14783697BE220@tunxch01 2005-05-31 15:10:39 1DdD3x-0004pr-KN 68.91.137.174 [68.91.137.174]: Connection refused 2005-05-31 15:10:39 1DdD3x-0004pr-KN == tina.russell@mydomain.com R=customer_route T=remote_smtp defer (61): Connection refused 2005-05-31 15:10:39 1DdD3x-0004pr-KN ** tina.russell@mydomain.com: retry timeout exceeded 2005-05-31 15:10:39 1DdD4R-0004zk-A5 <= <> R=1DdD3x-0004pr-KN U=mailnull P=local S=18816 2005-05-31 15:10:39 1DdD3x-0004pr-KN Completed Any advice would be appreciated. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Wed Jun 1 14:45:58 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Are you running razor2 and postfix? if that is the case you are having the same problem i had, mine was that razor2 put it's log file into one of the postfix queues. Solution, set: logfile = /var/log/razor-agent.log in the razor config file. Med vennlig hilsen / Regards John Berntsen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 1. juni 2005 15:29 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail On 1 Jun 2005, at 12:54, Dirk Rieger wrote: > I cleaned up my perl-installation today, but where's still the old > Problem > after 4 hours the mailscanner children dying of old age after > receiving a > last mail. > New childs are created, but doesn't seem to be recognized by the > Mailscanner > correctly. > > Does the 4.42.9-version includes some changes to this behavior from > 4.42.8 ? Can't remember. Please confirm the problem still exists with 4.42.9. Though I still cannot recreate it, so don't hold your breath waiting for a fix. Sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 14:53:11 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 2:25:27 PM +0100 Julian Field wrote: > Definite bug. > Please try the attached version of upgrade_MailScanner_conf and let me > know how you get on. When I try this version I get this message : [root@hemlock etc]# ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > ./MailScanner.conf.new : bad interpreter: No such file or directorybin/perl The old one works fine. Just FYI. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 14:59:57 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: Julian Have installed 4.42.9 but the fix you announced for the "Delete" MCP action is not working. Test messages are being caught by MCP and are not delivered according to the logs but there is no explicit MCP "Delete" action record being logged. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 01 June 2005 10:08 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: 4.42.9 released I have just released the latest stable release of MailScanner. The major new features this month are - Panda support completely rewritten (thanks to Rick Cooper!). - New options to tag Subject: line of HTML mail that has been disarmed. - Can now set the number of "Spam Lists" that are hit before the message is treated as spam. - Now passes the testvirus.org "null MIME-boundary" test. You can download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now provide the ability to alter the Subject: line if any HTML tags in the body of the message were disarmed (by having their "Allow .... Tags" set to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how many Spam Lists a message must appear in before it is considered to be spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. - Reversed spam and disarm tags to leave spam tag at start of Subject:. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. - Fixed typo in upgrade_MailScanner_conf. - Made significant changes to child worker process management and re-spawning, to try to avoid problems reported by a few users with MailScanner "slowly stopping working" over the space of several hours. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:05:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: And if you just run upgrade_MailScanner_conf with no command-line parameters at all? On my system, it prints the usage, as it should. And post the output of head upgrade_MailScanner_conf as well. Sounds like either my or your email app has done something screwy. On 1 Jun 2005, at 14:53, Michael H. Martel wrote: > --On June 1, 2005 2:25:27 PM +0100 Julian Field > wrote: > > >> Definite bug. >> Please try the attached version of upgrade_MailScanner_conf and >> let me >> know how you get on. >> > > When I try this version I get this message : > > [root@hemlock etc]# ../bin/upgrade_MailScanner_conf /opt/ > MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > ./ > MailScanner.conf.new > : bad interpreter: No such file or directorybin/perl > > > The old one works fine. Just FYI. > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:09:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: According to the code, it should work for MCP but not for spam. This is weird. What are your MCP actions? And your Spam actions? On 1 Jun 2005, at 14:59, Quentin Campbell wrote: > Julian > > Have installed 4.42.9 but the fix you announced for the "Delete" MCP > action is not working. > > Test messages are being caught by MCP and are not delivered > according to > the logs but there is no explicit MCP "Delete" action record being > logged. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > > > > ________________________________ > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 01 June 2005 10:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner ANNOUNCE: 4.42.9 released > > > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been > disarmed. > - Can now set the number of "Spam Lists" that are hit before the > message is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work > Directory" > setting contains any links. It also corrects the path (but not > in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the > sophos-autoupdate from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for > gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and > /usr/bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and > are not > ignored. > - Panda support completely reimplemented a lot better by Rick > Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to > latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject > Text" now > provide the ability to alter the Subject: line if any HTML > tags in the > body of the message were disarmed (by having their "Allow .... > Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to > set how > many Spam Lists a message must appear in before it is > considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of > Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be > left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P > occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip > files. > - Fixed problem with "Delete" MCP action not being logged in > syslog. > - Fixed problem with the "null MIME boundary" vulnerability > test. > - Added check to upgrade_MailScanner_conf and > upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned > mail when using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh > scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management > and re-spawning, > to try to avoid problems reported by a few users with > MailScanner "slowly > stopping working" over the space of several hours. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 15:10:39 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Ugo draws the same conclusion. How many child process do you have > configured? > # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 I guess I have to change it to 10 and see how things work as we have a dual processor -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:16:25 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 3:05:50 PM +0100 Julian Field wrote: > And if you just run upgrade_MailScanner_conf with no command-line > parameters at all? > On my system, it prints the usage, as it should. > > And post the output of > head upgrade_MailScanner_conf > as well. > Sounds like either my or your email app has done something screwy. [root@hemlock bin]# ./upgrade_MailScanner_conf : bad interpreter: No such file or directoryerl [root@hemlock bin]# head upgrade_MailScanner_conf #!/usr/bin/perl # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # # $Id: upgrade_MailScanner_conf,v 1.1.2.16 2005/05/30 11:38:01 jkf Exp $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Wed Jun 1 15:18:25 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: thx for your hint - I'll try this if the 4hour bug still occures with the 4.42.9-version... - ruffly in 2 hours ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:18:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 2:25:27 PM +0100 Julian Field > wrote: > >> Definite bug. >> Please try the attached version of upgrade_MailScanner_conf and let >> me know how you get on. > > When I try this version I get this message : > > [root@hemlock etc]# ../bin/upgrade_MailScanner_conf > /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > > ./MailScanner.conf.new >> bad interpreter: No such file or directorybin/perl > > > The old one works fine. Just FYI. > > > > Michael Check that you don't have CR/LF wrong in the file. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:20:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 3:05:50 PM +0100 Julian Field > wrote: > >> And if you just run upgrade_MailScanner_conf with no command-line >> parameters at all? On my system, it prints the usage, as it should. >> >> And post the output of >> head upgrade_MailScanner_conf >> as well. >> Sounds like either my or your email app has done something screwy. > > [root@hemlock bin]# ./upgrade_MailScanner_conf >> bad interpreter: No such file or directoryerl > > [root@hemlock bin]# head upgrade_MailScanner_conf > #!/usr/bin/perl > > # > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > # $Id: upgrade_MailScanner_conf,v 1.1.2.16 2005/05/30 11:38:01 jkf > Exp $ # > # This program is free software; you can redistribute it and/or > modify # it under the terms of the GNU General Public License as > published by > > > > > > Michael Pipe the head command into od or hexdump... I'm sure you'll see an extra ^M (CR) character on the end of each line;-). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:21:47 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 3:05:50 PM +0100 Julian Field wrote: > Sounds like either my or your email app has done something screwy. Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS line breaks. Changing those to Unix line breaks works. We'll assume it was something that I did to the file. Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:22:41 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" wrote: > Pipe the head command into od or hexdump... I'm sure you'll see an extra > ^M (CR) character on the end of each line;-). How right you are. Now I wonder who put those there. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:28:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: On 1 Jun 2005, at 15:22, Michael H. Martel wrote: > --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" > wrote: > > >> Pipe the head command into od or hexdump... I'm sure you'll see an >> extra >> ^M (CR) character on the end of each line;-). >> > > How right you are. Now I wonder who put those there. Now I remember why I always gzip text files before mailing them to you all. Sorry about that, a corrected version is attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Wed Jun 1 15:24:27 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: It probably will die, if you have not removed the log file created by razor2 in the postfix queue "hold" i think it was. Med vennlig hilsen / Regards John Berntsen Omegadata AS Leangbukta 31 1392 Vettre Mobil 99 43 07 79 Telefon 66 76 61 00 Faks 66 76 61 01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dirk Rieger Sent: 1. juni 2005 16:18 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail thx for your hint - I'll try this if the 4hour bug still occures with the 4.42.9-version... - ruffly in 2 hours ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:25:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: BG Mahesh wrote: >> Ugo draws the same conclusion. How many child process do you have >> configured? >> > > # As a rough guide, try 5 children per CPU. But read the notes above. > Max Children = 5 > > I guess I have to change it to 10 and see how things work as we have > a dual processor > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ Might be a good idea, yes.... But your system isn't exactly "struggling under the load", now is it? Or do you have "large-ish" batches? If not, you perhaps shouldn't bust your guts to "solve the problem", since it really isn't there. Does the system ... "feel responsive"? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:27:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" > wrote: > >> Pipe the head command into od or hexdump... I'm sure you'll see an >> extra ^M (CR) character on the end of each line;-). > > How right you are. Now I wonder who put those there. > > > > Michael Probably the MUA, or copy'n'paste thing...? :-) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Wed Jun 1 15:28:44 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yup, that worked much better! The only other aesthetic observation I had from its output is that my empty strings have now all got an extra space on the end of them, which wasn't present in the distribution MailScanner.conf as well as my original either. Eg. Run As User= is now Rus As User= Oh, and the spacing for the options were blatted as well, but that isn't so important :-) C:> -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 01 June 2005 14:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner ANNOUNCE: 4.42.9 released Definite bug. Please try the attached version of upgrade_MailScanner_conf and let me know how you get on. ? On 1 Jun 2005, at 11:20, Chuck Foster wrote: > Not sure if it should be considered a bug or now, but I thought I'd > try upgrade_MailScanner_conf for a change rather than making the > manual inpection, and noticed that it changed my local %variables% > like %ss-report-dir% to %ssreportdir% - this meant that any of the > rules files that referred to my original version would no longer > work, and also that the use of these variables within the > configuration file itself were unmodified, too! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 15:21:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>Ugo draws the same conclusion. How many child process do you have >>configured? >> > > > # As a rough guide, try 5 children per CPU. But read the notes above. > Max Children = 5 > > I guess I have to change it to 10 and see how things work as we have a dual processor You can try it out, it might help or not though, depending on many factors. As other said, the message delay is the only factor that's always a good indication. Is this a dedicated MailScanner machine? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 15:50:13 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: Julian The Spam and MCP actions are shown below. I have interpolated parts of the contents of the two spam "Actions" rules file between the "cut here" lines. The logged MCP scores are all >= 10. Spam Actions = %rules-dir%/Spam_Actions.rules ------------ cut here To: *@unn.ac.uk deliver To: *@northumbria.ac.uk deliver To: *@qeliz.ac.uk deliver attachment To: *@stmarys-sfc.ac.uk deliver attachment To: cccc.dddd@newdur.ac.uk deliver attachment To: *@newdur.ac.uk deliver striphtml To: /aaaa.bbbb\@(ncl|newcastle)\.ac\.uk$/ deliver ## DO NOT EDIT BELOW THIS LINE - CHANGES WILL BE LOST To: xxxx.yyyy@ncl.ac.uk delete To: xxxx.yyyy@newcastle.ac.uk delete [hundreds of addresses of the above form] To: *@* deliver attachment ------------ cut here High Scoring Spam Actions = %rules-dir%/High_Scoring_Spam_Actions.rules ------------ cut here [similar records to contents of Spam_Actions.rules] ------------ cut here Non Spam Actions = deliver MCP Checks = yes First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = delete Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?!} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 01 June 2005 15:09 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed > >According to the code, it should work for MCP but not for spam. >This is weird. > >What are your MCP actions? And your Spam actions? > >On 1 Jun 2005, at 14:59, Quentin Campbell wrote: > >> Julian >> >> Have installed 4.42.9 but the fix you announced for the "Delete" MCP >> action is not working. >> >> Test messages are being caught by MCP and are not delivered >> according to >> the logs but there is no explicit MCP "Delete" action record being >> logged. >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> >---------------------------------------------------------------------- >> -- >> "Any opinion expressed above is mine. The University can get >its own." >> >> >> >> >> ________________________________ >> >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 10:08 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: MailScanner ANNOUNCE: 4.42.9 released >> >> >> I have just released the latest stable release of MailScanner. >> >> The major new features this month are >> >> - Panda support completely rewritten (thanks to Rick Cooper!). >> - New options to tag Subject: line of HTML mail that has been >> disarmed. >> - Can now set the number of "Spam Lists" that are hit before the >> message is treated as spam. >> - Now passes the testvirus.org "null MIME-boundary" test. >> >> You can download as usual from www.mailscanner.info. >> >> The full Change Log is this: >> >> * New Features and Improvements * >> - Now automatically detects and warns if the "Incoming Work >> Directory" >> setting contains any links. It also corrects the path (but not >> in the >> MailScanner.conf file) and continues to work properly. >> - Added support for Sophos 3.93.2. You must use the >> sophos-autoupdate from >> this version if you want Sophos to work (both the sophos and >> sophossavi >> scanner settings). >> - Tar and RPM distribution installation scripts now look for >> gtar if GNU >> tar was not found, and is happy if /usr/local/bin/perl and >> /usr/bin/perl >> point to the same place. >> - SophosSAVI errors are detected as if they were viruses, and >> are not >> ignored. >> - Panda support completely reimplemented a lot better by Rick >> Cooper. >> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >> latest >> releases. >> - New options "Disarmed Modify Subject" and "Disarmed Subject >> Text" now >> provide the ability to alter the Subject: line if any HTML >> tags in the >> body of the message were disarmed (by having their "Allow .... >> Tags" set >> to "disarm". This is switched on by default. >> - New option "Spam Lists To Be Spam" now provides the ability to >> set how >> many Spam Lists a message must appear in before it is >> considered to be >> spam. The default is 1 as that mimics the previous behaviour. >> - Improved output of SuSE MailScanner init.d script. >> - Reversed spam and disarm tags to leave spam tag at start of >> Subject:. >> >> * Fixes* >> - Fixed problem that could cause harmless header files to be >> left in the >> temporary working directories when using Postfix. >> - Fixed problem where attachment size checks were made on the >> contents of >> zip files and not just the zip files themselves. >> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >> occasionally. >> - No longer import missing whine method from MIME-tools. >> - Fixed problems with incomplete reporting of viruses in zip >> files. >> - Fixed problem with "Delete" MCP action not being logged in >> syslog. >> - Fixed problem with the "null MIME boundary" vulnerability >> test. >> - Added check to upgrade_MailScanner_conf and >> upgrade_langages_conf so they >> check to ensure all input files have content before starting. >> - Fixed bug where clean header was being applied to unscanned >> mail when using >> virus scanning rulesets. >> - Fixed wrong build number for 1 Perl module in install.sh >> scripts. >> - Fixed typo in upgrade_MailScanner_conf. >> - Made significant changes to child worker process management >> and re-spawning, >> to try to avoid problems reported by a few users with >> MailScanner "slowly >> stopping working" over the space of several hours. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 16:23:38 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > > > > # As a rough guide, try 5 children per CPU. But read the notes above. > > Max Children = 5 > > > > I guess I have to change it to 10 and see how things work as we > > have a dual processor > > You can try it out, it might help or not though, depending on many > factors. As other said, the message delay is the only factor that's > always a good indication. > > Is this a dedicated MailScanner machine? > Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 16:24:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: On 1 Jun 2005, at 15:50, Quentin Campbell wrote: > Julian > > The Spam and MCP actions are shown below. I have interpolated parts of > the contents of the two spam "Actions" rules file between the "cut > here" > lines. > > The logged MCP scores are all >= 10. > > > Spam Actions = %rules-dir%/Spam_Actions.rules > ------------ cut here > To: *@unn.ac.uk deliver > To: *@northumbria.ac.uk deliver > To: *@qeliz.ac.uk deliver > attachment > To: *@stmarys-sfc.ac.uk deliver > attachment > To: cccc.dddd@newdur.ac.uk deliver > attachment > To: *@newdur.ac.uk deliver > striphtml > To: /aaaa.bbbb\@(ncl|newcastle)\.ac\.uk$/ deliver > ## DO NOT EDIT BELOW THIS LINE - CHANGES WILL BE LOST > To: xxxx.yyyy@ncl.ac.uk delete > To: xxxx.yyyy@newcastle.ac.uk delete > [hundreds of addresses of the above form] You can shortcut this by using To: /etc/MailScanner/newcastle.addresses delete and then put the newcastle addresses, 1 per line into the newcastle.addresses file. That should make maintenance rather easier. > To: *@* deliver attachment > ------------ cut here > High Scoring Spam Actions = %rules-dir%/ > High_Scoring_Spam_Actions.rules > ------------ cut here > [similar records to contents of Spam_Actions.rules] > ------------ cut here > Non Spam Actions = deliver > > MCP Checks = yes > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = delete Your High-scoring MCP threshold is 10, but what are the scores of the MCP rules you are using? Are they 10 or above, or below? I haven't yet seen evidence that the High-scoring MCP threshold is actually reached. > Bounce MCP As Attachment = no > > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?!} > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = yes > Detailed MCP Report = yes > Include Scores In MCP Report = yes > Log MCP = yes > > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 15:09 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed >> >> According to the code, it should work for MCP but not for spam. >> This is weird. >> >> What are your MCP actions? And your Spam actions? >> >> On 1 Jun 2005, at 14:59, Quentin Campbell wrote: >> >> >>> Julian >>> >>> Have installed 4.42.9 but the fix you announced for the "Delete" MCP >>> action is not working. >>> >>> Test messages are being caught by MCP and are not delivered >>> according to >>> the logs but there is no explicit MCP "Delete" action record being >>> logged. >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> >>> >> --------------------------------------------------------------------- >> - >> >>> -- >>> "Any opinion expressed above is mine. The University can get >>> >> its own." >> >>> >>> >>> >>> >>> ________________________________ >>> >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 01 June 2005 10:08 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: MailScanner ANNOUNCE: 4.42.9 released >>> >>> >>> I have just released the latest stable release of MailScanner. >>> >>> The major new features this month are >>> >>> - Panda support completely rewritten (thanks to Rick Cooper!). >>> - New options to tag Subject: line of HTML mail that has been >>> disarmed. >>> - Can now set the number of "Spam Lists" that are hit before the >>> message is treated as spam. >>> - Now passes the testvirus.org "null MIME-boundary" test. >>> >>> You can download as usual from www.mailscanner.info. >>> >>> The full Change Log is this: >>> >>> * New Features and Improvements * >>> - Now automatically detects and warns if the "Incoming Work >>> Directory" >>> setting contains any links. It also corrects the path (but not >>> in the >>> MailScanner.conf file) and continues to work properly. >>> - Added support for Sophos 3.93.2. You must use the >>> sophos-autoupdate from >>> this version if you want Sophos to work (both the sophos and >>> sophossavi >>> scanner settings). >>> - Tar and RPM distribution installation scripts now look for >>> gtar if GNU >>> tar was not found, and is happy if /usr/local/bin/perl and >>> /usr/bin/perl >>> point to the same place. >>> - SophosSAVI errors are detected as if they were viruses, and >>> are not >>> ignored. >>> - Panda support completely reimplemented a lot better by Rick >>> Cooper. >>> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >>> latest >>> releases. >>> - New options "Disarmed Modify Subject" and "Disarmed Subject >>> Text" now >>> provide the ability to alter the Subject: line if any HTML >>> tags in the >>> body of the message were disarmed (by having their "Allow .... >>> Tags" set >>> to "disarm". This is switched on by default. >>> - New option "Spam Lists To Be Spam" now provides the ability to >>> set how >>> many Spam Lists a message must appear in before it is >>> considered to be >>> spam. The default is 1 as that mimics the previous behaviour. >>> - Improved output of SuSE MailScanner init.d script. >>> - Reversed spam and disarm tags to leave spam tag at start of >>> Subject:. >>> >>> * Fixes* >>> - Fixed problem that could cause harmless header files to be >>> left in the >>> temporary working directories when using Postfix. >>> - Fixed problem where attachment size checks were made on the >>> contents of >>> zip files and not just the zip files themselves. >>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>> occasionally. >>> - No longer import missing whine method from MIME-tools. >>> - Fixed problems with incomplete reporting of viruses in zip >>> files. >>> - Fixed problem with "Delete" MCP action not being logged in >>> syslog. >>> - Fixed problem with the "null MIME boundary" vulnerability >>> test. >>> - Added check to upgrade_MailScanner_conf and >>> upgrade_langages_conf so they >>> check to ensure all input files have content before starting. >>> - Fixed bug where clean header was being applied to unscanned >>> mail when using >>> virus scanning rulesets. >>> - Fixed wrong build number for 1 Perl module in install.sh >>> scripts. >>> - Fixed typo in upgrade_MailScanner_conf. >>> - Made significant changes to child worker process management >>> and re-spawning, >>> to try to avoid problems reported by a few users with >>> MailScanner "slowly >>> stopping working" over the space of several hours. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list >>> ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jun 1 16:54:31 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: sa-learn Message-ID: Yes, I see it every day on my sa-learn. Haven't figured it out. Jeff Earickson Colby College On Wed, 1 Jun 2005, ius wrote: > Date: Wed, 1 Jun 2005 14:21:16 +0700 > From: ius > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: sa-learn > > Hi, > > i'm trying to train the bayes with spam and ham. The spam was successful, but > the ham showed some errors (i think) : > > [root@alpha mail]# sa-learn --showdots --mbox --spam spam > ........................................................................................ > Learned from 87 message(s) (88 message(s) examined). > [root@alpha mail]# sa-learn --showdots --mbox --ham archive > .....Parsing of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .........................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > ..................................................................................................................................................................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .....................................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .......................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > ................................................................................... > Learned from 508 message(s) (527 message(s) examined). > [root@alpha mail]# > > anybody has seen these errors before ? > > > Thanks > ius > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 16:58:10 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 01 June 2005 16:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed > [snip] >Your High-scoring MCP threshold is 10, but what are the scores of the >MCP rules you are using? Are they 10 or above, or below? I haven't >yet seen evidence that the High-scoring MCP threshold is actually >reached. Julian Appended are the log records (there are just 3) for a message caught by MCP on a 4.42.9 system and which, because it scored 10, should be deleted. There are no further Sendmail records because MailScanner deleted it although it has not logged that fact. That is the bug! I am seeing the same bug when the score is 20 or 30. Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: from=, size=538, class=0, nrcpts=1, msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: to=, delay=00:00:00, mailer=esmtp, pri=30538, stat=queued Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 from 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 16:41:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>> >>># As a rough guide, try 5 children per CPU. But read the notes above. >>>Max Children = 5 >>> >>>I guess I have to change it to 10 and see how things work as we >>>have a dual processor >> >>You can try it out, it might help or not though, depending on many >>factors. As other said, the message delay is the only factor that's >>always a good indication. >> >>Is this a dedicated MailScanner machine? >> > > > Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail Cool, then don't worry too much about the load. I've seen systems with very high load running perfectly. Just make sure your delay is not too long and that your load isn't continuously going up. Cheers, Ugo > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 17:11:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: On 1 Jun 2005, at 16:58, Quentin Campbell wrote: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 16:25 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed >> >> > [snip] > >> Your High-scoring MCP threshold is 10, but what are the scores of the >> MCP rules you are using? Are they 10 or above, or below? I haven't >> yet seen evidence that the High-scoring MCP threshold is actually >> reached. >> > > Julian > > Appended are the log records (there are just 3) for a message > caught by > MCP on a 4.42.9 system and which, because it scored 10, should be > deleted. There are no further Sendmail records because MailScanner > deleted it although it has not logged that fact. That is the bug! > > I am seeing the same bug when the score is 20 or 30. > > Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: > from=, size=538, class=0, nrcpts=1, > msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, > daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] > Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: > to=, delay=00:00:00, mailer=esmtp, pri=30538, > stat=queued > Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 > from > 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, > MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) Do you get the "delete" spam action logged at all? Clearly the "delete" mcp action isn't being logged how I intended. I will have to take a look at that bit. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:05:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: "No space left on device" Which device? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > Hi Julian, > > Thanks for the response. I have already checked that, which is how I > know that there is ~3Gb free space there at the moment. > > I guess it would be possible for enough email to arrive at one time > to fill that partition, but I have never seen it happen before now. > > But now that you have confirmed that is defintely the area that was > full during that processing run, I can keep an eye on it and look > into throwing some more disk at it. > Do you have /var/spool/MailScanner/incoming mapped to tmpfs? This could cause this if too large a batch is done at once. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:53:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > --On June 1, 2005 3:05:50 PM +0100 Julian Field > wrote: > >> Sounds like either my or your email app has done something screwy. > > > Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS > line breaks. Changing those to Unix line breaks works. > > We'll assume it was something that I did to the file. The copy I got from the e-mail has dos line breaks also. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 1 18:06:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:52 2006 Subject: sa-learn Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's a nuisance, but it's a non-issue and doesn't affect accuracy or normal operation of SA. It's been fixed in the devel trunk, but the fix is just to catch the warning and prevent it from being printed. http://bugzilla.spamassassin.org/show_bug.cgi?id=4046 Jeff A. Earickson wrote: > Yes, I see it every day on my sa-learn. Haven't figured it out. > >> i'm trying to train the bayes with spam and ham. The spam was >> successful, but the ham showed some errors (i think) : >> >> [root@alpha mail]# sa-learn --showdots --mbox --spam spam >> ........................................................................................ >> >> Learned from 87 message(s) (88 message(s) examined). >> [root@alpha mail]# sa-learn --showdots --mbox --ham archive >> .....Parsing of undecoded UTF-8 will give garbage when decoding >> entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm >> line 182. >> >> anybody has seen these errors before ? >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:57:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: > The following line never gets updated when I use upgrade_MailScanner_conf command > > MailScanner Version Number = 4.36.1 > > I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value > I think that is intentional. It tells you the version you installed, not the version you upgraded to. I don't know why, but I'm sure Julian has his reasons. I usually just fix it anytime I manually change something in the config. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 18:21:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Michael H. Martel wrote: > > >>--On June 1, 2005 3:05:50 PM +0100 Julian Field >> wrote: >> >> >> >>>Sounds like either my or your email app has done something screwy. >>> >>> >>Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS >>line breaks. Changing those to Unix line breaks works. >> >>We'll assume it was something that I did to the file. >> >> >The copy I got from the e-mail has dos line breaks also. > > See my gzipped repost. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 18:38:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >BG Mahesh wrote: > > >>The following line never gets updated when I use upgrade_MailScanner_conf command >> >>MailScanner Version Number = 4.36.1 >> >>I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value >> >> >> >I think that is intentional. It tells you the version you installed, not >the version you upgraded to. I don't know why, but I'm sure Julian has >his reasons. >I usually just fix it anytime I manually change something in the config. > > It's actually a bug. The "MailScanner Version Number" setting is the only one that should *not* be copied over from the old version of the file. Attached is a fixed version. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] From rpoe at PLATTESHERIFF.ORG Wed Jun 1 21:12:25 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:29:52 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: Hey...I think William Kwan is going to ... nevermind .. you know. ;) (I couldn't resist .. sorry!) >>> MailScanner@ECS.SOTON.AC.UK 5/26/2005 9:09 AM >>> For info, I have just suspended his membership. On 26 May 2005, at 15:03, William Kwan wrote: > I will be out of the office starting 13/05/2005 and will not return > until 30/05/2005. > > I will respond to your message when I return. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Wed Jun 1 23:10:55 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: On Wed, 1 Jun 2005, Julian Field wrote: > It's actually a bug. The "MailScanner Version Number" setting is the > only one that should *not* be copied over from the old version of the file. > Attached is a fixed version. I'll wait for 4.42.10 :-) -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 23:59:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> BG Mahesh wrote: >> >> >>> The following line never gets updated when I use >>> upgrade_MailScanner_conf command >>> >>> MailScanner Version Number = 4.36.1 >>> >>> I think upgrade utility is missing out in updating the above value. >>> It doesn't hurt the working of MailScanner but it would be nice to >>> see the correct value >>> >>> >> >> I think that is intentional. It tells you the version you installed, not >> the version you upgraded to. I don't know why, but I'm sure Julian has >> his reasons. >> I usually just fix it anytime I manually change something in the config. >> >> > It's actually a bug. The "MailScanner Version Number" setting is the > only one that should *not* be copied over from the old version of the file. > > Attached is a fixed version. > It has been there so long, I thought it was a "feature". I guess it isn't broken until someone trips over it and says something. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Thu Jun 2 08:01:05 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:52 2006 Subject: Feature Requests Message-ID: > >> > >> > > > > > > Can I add to this? :) > > > > I'd really like to have multiple MCP matches. You mention using A > > custom function, and if you could point me in the right direction I > > would happily go and see what I can see. > > What do you mean? I would like to be able to use several different rulesets and get back a Separate MCP score for each. Basically, I have a list of pornographic swearwords, and a list of racial Swearwords and I would like to get a separate score for each message with Respect to the content. I imagine I would need to find the MCP function and variables and just Repeat those for however many different sets needed, but at the minute I'm Strictly a mailscanner user, and haven't looked at the code at all. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jun 2 08:25:54 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: [snip] >> Appended are the log records (there are just 3) for a message >> caught by >> MCP on a 4.42.9 system and which, because it scored 10, should be >> deleted. There are no further Sendmail records because MailScanner >> deleted it although it has not logged that fact. That is the bug! >> >> I am seeing the same bug when the score is 20 or 30. >> >> Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: >> from=, size=538, class=0, nrcpts=1, >> msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, >> daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] >> Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: >> to=, delay=00:00:00, mailer=esmtp, pri=30538, >> stat=queued >> Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 >> from >> 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, >> MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) > >Do you get the "delete" spam action logged at all? >Clearly the "delete" mcp action isn't being logged how I intended. I >will have to take a look at that bit. Julian I am not seeing the MCP delete action being logged with the rest of the MailScanner and Sendmail records. The message has clearly been deleted however. Those three records above are all the records logged for message ID j51DkTbp014718. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Thu Jun 2 09:04:04 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: after removing the razor-agent.log from the postfix-hold-queue the MailScanner doesn't hang anymore. - But now I see an other question: Since I first updated MailScanner a few days ago to a version > 4.40 razor doesn't seem to run anymore at all. At least I don't get new entries to the razor-agent.log or better a new razor-agent.log at all somewhere. Is razor called with the user MailScanner is running with or as root ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 09:14:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: On 2 Jun 2005, at 09:04, Dirk Rieger wrote: > after removing the razor-agent.log from the postfix-hold-queue the > MailScanner doesn't hang anymore. - But now I see an other question: > Since I first updated MailScanner a few days ago to a version > > 4.40 razor > doesn't seem to run anymore at all. At least I don't get new > entries to the > razor-agent.log or better a new razor-agent.log at all somewhere. > > Is razor called with the user MailScanner is running with or as root ? The user MailScanner is running as. It will by default have a .razor directory in that user's home directory. Run it in Debug mode with Debug SpamAssassin as well and see what is going on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 09:12:58 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: "No space left on device" Which device? Message-ID: Hi, > Anthony Peacock wrote: > > Hi Julian, > > > > Thanks for the response. I have already checked that, which is how > > I know that there is ~3Gb free space there at the moment. > > > > I guess it would be possible for enough email to arrive at one time > > to fill that partition, but I have never seen it happen before now. > > > > But now that you have confirmed that is defintely the area that was > > full during that processing run, I can keep an eye on it and look > > into throwing some more disk at it. > > > > Do you have /var/spool/MailScanner/incoming mapped to tmpfs? > This could cause this if too large a batch is done at once. No, it is on a disk partition. It does share the same disk partition as the mail queues etc, so there could have been an event that temporarily filled that partition. However, see my other email about the error in the system log about /tmp being full. I suspect, but haven't had the time to check, that somewhere in the MIME:Parser stuff it uses a temporary file, and that filled the /tmp area. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Thu Jun 2 09:15:16 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: If you are running postfix it is running as user postfix at least on my suse box, make sure that razor2 finds the config file you have created and that user postfix has the rights to write to it. Do a lint test with spamassassin and see where razor expects to find it's config file. Med vennlig hilsen / Regards John Berntsen Omegadata AS Leangbukta 31 1392 Vettre Mobil 99 43 07 79 Telefon 66 76 61 00 Faks 66 76 61 01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dirk Rieger Sent: 2. juni 2005 10:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail after removing the razor-agent.log from the postfix-hold-queue the MailScanner doesn't hang anymore. - But now I see an other question: Since I first updated MailScanner a few days ago to a version > 4.40 razor doesn't seem to run anymore at all. At least I don't get new entries to the razor-agent.log or better a new razor-agent.log at all somewhere. Is razor called with the user MailScanner is running with or as root ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 09:15:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Dirk I gue razor will be called via the user MS is running as, as it will be called from SA... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dirk Rieger wrote: > after removing the razor-agent.log from the postfix-hold-queue the > MailScanner doesn't hang anymore. - But now I see an other question: > Since I first updated MailScanner a few days ago to a version > 4.40 razor > doesn't seem to run anymore at all. At least I don't get new entries to the > razor-agent.log or better a new razor-agent.log at all somewhere. > > Is razor called with the user MailScanner is running with or as root ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 09:23:03 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Julian Field wrote: > On 2 Jun 2005, at 09:04, Dirk Rieger wrote: > >> after removing the razor-agent.log from the postfix-hold-queue the >> MailScanner doesn't hang anymore. - But now I see an other question: >> Since I first updated MailScanner a few days ago to a version > >> 4.40 razor >> doesn't seem to run anymore at all. At least I don't get new >> entries to the >> razor-agent.log or better a new razor-agent.log at all somewhere. >> >> Is razor called with the user MailScanner is running with or as root >> ? > > The user MailScanner is running as. It will by default have a .razor > directory in that user's home directory. Run it in Debug mode with > Debug SpamAssassin as well and see what is going on. With postfix running in a chroot jail, your postfix user usually don't have write permission to its $HOME (and here is where the razor log error arises from too). There are several ways to rectify this, most have been covered on this list before... Simply create the dirs and make them owned by the user, or perhaps better do su - postfix -s /bin/bash and then run through discoveries for razor, pyzor and dcc (if you use 'em all:). If you'd like to cron the discoveries, just make sure they're run as the postfix user. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Thu Jun 2 10:31:26 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: I reconfigured Razor2 to run as the MailScanner-user. Now everything works. It was a bit weird because when implementig the server Postfix was configured to run with SpamAssassin/Razor2 without MailScanner. After implementing MailScanner Razor wasn't reconfigured but still running without any complains over months - as the agent-log says. So without having the configuration-files for razor, razor wrote it's log to the postfix-hold-queue...and at least blocked MailScanner after 4 hours ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 11:48:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Make sure you do a razor-admin -discover every night too. Otherwise it may break at some random point in the future. On 2 Jun 2005, at 10:31, Dirk Rieger wrote: > I reconfigured Razor2 to run as the MailScanner-user. Now > everything works. > It was a bit weird because when implementig the server Postfix was > configured to run with SpamAssassin/Razor2 without MailScanner. > After implementing MailScanner Razor wasn't reconfigured but still > running > without any complains over months - as the agent-log says. So without > having the configuration-files for razor, razor wrote it's log to the > postfix-hold-queue...and at least blocked MailScanner after 4 hours -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Thu Jun 2 13:43:15 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:52 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 14:04:38 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: SV: McAfee uvscan libary oddity Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On a mandrake 10.1, but anyway....: # strings uvscan | grep libstdc++ libstdc++.so.5 # ldd uvscan linux-gate.so.1 => (0xffffe000) liblnxfv.so.4 => /usr/local/lib/liblnxfv.so.4 (0x40016000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x40270000) libm.so.6 => /lib/tls/libm.so.6 (0x40330000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40353000) libc.so.6 => /lib/tls/libc.so.6 (0x4035d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4504 created Jun 01 2005 Scanning for 129164 viruses, trojans and variants. # .... installed fron the vlnxp4400.tar.Z package. If you use the other package (which is for 2.2 and 2.4 kernel) you have the stdc++-2.8 requirement, not if you use the "p" package;). A somewhat obtuse note about this is actually in the wiki (well, the diff between the packages, which would then lead to deducung that this isn't a requirement other than on really old systems...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Tom Combs Skickat: to 2005-06-02 14:43 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: McAfee uvscan libary oddity Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 14:13:35 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: SV: McAfee uvscan libary oddity Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here's a wiki ref: http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:mcafee:install (all on one line of course) -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Steen, Glenn Skickat: to 2005-06-02 15:04 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: SV: McAfee uvscan libary oddity On a mandrake 10.1, but anyway....: # strings uvscan | grep libstdc++ libstdc++.so.5 # ldd uvscan linux-gate.so.1 => (0xffffe000) liblnxfv.so.4 => /usr/local/lib/liblnxfv.so.4 (0x40016000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x40270000) libm.so.6 => /lib/tls/libm.so.6 (0x40330000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40353000) libc.so.6 => /lib/tls/libc.so.6 (0x4035d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4504 created Jun 01 2005 Scanning for 129164 viruses, trojans and variants. # .... installed fron the vlnxp4400.tar.Z package. If you use the other package (which is for 2.2 and 2.4 kernel) you have the stdc++-2.8 requirement, not if you use the "p" package;). A somewhat obtuse note about this is actually in the wiki (well, the diff between the packages, which would then lead to deducung that this isn't a requirement other than on really old systems...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Tom Combs Skickat: to 2005-06-02 14:43 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: McAfee uvscan libary oddity Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at wozenilek.de Thu Jun 2 14:13:50 2005 From: mail at wozenilek.de (Martin Wozenilek) Date: Thu Jan 12 21:29:52 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are two different downloads from mcafee: - McAfee VirusScan Command Line Scanner for Linux - McAfee VirusScan Command Line Scanner for RedHat 9 and Suse 8.x Linux http://www.mcafeesecurity.com/de/downloads/evals/default.asp Bye, -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: mail@wozenilek.de PGP-Key-ID: 0x00105C52 > ----- Original Message ----- > Subject: McAfee uvscan libary oddity > From: Tom Combs > To: MAILSCANNER@JISCMAIL.AC.UK > Date: 02-06-2005 14:43 > > > Hi, > > I'm in the process of upgrading my uvscan engine to 4400 from 4320 on > a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very > old version. The old 4320 engine looks for libstdc++.so.5. > > Would someone who is runing uvscan engine 4400 kindly do a 'strings > uvscan | grep libstdc++' and let me know what you get? TIA, Tom > > -- > Tom Combs E-mail: combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Thu Jun 2 15:13:33 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:52 2006 Subject: Newlines in language strings Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, One of the patches I need to apply to each new version of MailScanner is a notification message that I wish to place at the top of each message generated in the MessageBatch::WarnLocalPostmaster function. Now, in principle I could get around having to patch the code by using the 'noticeprefix' language string instead; however, that doesn't allow interpret newlines so I couldn't use this in the way I wanted for that. Now, how much pain could it cause elsewhere to have the string returned checked for newlines and subsequently used in output? Indeed, what if that is taken a step further for %percent% and ENV vars too? I was thinking something like: sub DoLineExpansion { # like DoPercentVars but with ENV too my ($string) = @_; $string =~ s/\%([^%]+)\%/$PercentVars{lc($1)}/g; $string =~ s/\$\{?(\w+)\}?/$ENV{$1}/g; $string =~ s/\\n/\n/g; $string; } sub LanguageValue { return &DoLineExpansion( FindLanguageValue( @_ ) ); } ... where the original LanguageValue function is renamed FindLanguageValue; thus, I could then have a line in languages.conf like: Notice Prefix: This is a line blah blah\nwith text on another line\nFrom %org-long-name% What could go horribly wrong ... ?!!! (I guess this expansion could probably be extended to Value() and QuickPeek() too at some point ...) Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 16:35:28 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 (clamavmodule). A password protected Excel spreadsheet is getting stopped by Sophos with the MailScanner report saying: SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) and the user is howling because they can't email their spreadsheet. I ran the Excel file thru sweep by hand, eg: === Checking 94237001F.xls with Sophos sweep SWEEP virus detection utility Version 3.94.0 [Solaris/SPARC] Virus data version 3.94, June 2005 Includes detection for 105167 viruses, trojans and worms Copyright (c) 1989-2005 Sophos Plc, www.sophos.com System time 11:03:52, System date 02 June 2005 Command line qualifiers are: -sc -f -all -rec -archive -loopback --no-follow-symlinks --no-reset-atime -tnef (BTW, do these settings match MS? Where to find them in MS?) IDE directory is: /opt/sophos/ide ..... Full Sweeping Password protected file 94237001F.xls 1 file swept in 3 seconds. 1 error was encountered. No viruses were discovered. 1 encrypted file was not checked. End of Sweep. And sweep gives back a return code of 2. This problem just started in the last month, eg Sophos 3.93.2 and 3.94 releases. The user has a spreadsheet where the Tools -> Protection -> Protect Sheet feature of Excel has been used and a password was entered here. She doesn't know the password. We cracked it and an unprotected version of the file gets a zero return code from Sophos. ClamAV has no problems with either version of the file. I have "Block Encrypted Messages = no" in the MailScanner.conf file. Suggestions please? Anything that could be done with MailScanner? Does MS only look at zero/non-zero return codes from the virus scanners to determine virus or not? Or does it consider non-zero return codes, eg "2 means encrypted" (I'm guessing here)? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 16:38:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Newlines in language strings Message-ID: Please try the attached Config.pm. I have implemented \n everywhere. I did it differently from your version, mine should be very slightly faster. Please let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 26KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] On 2 Jun 2005, at 15:13, Chuck Foster wrote: > Hi, > > One of the patches I need to apply to each new version of > MailScanner is a > notification message that I wish to place at the top of each message > generated in the MessageBatch::WarnLocalPostmaster function. Now, in > principle I could get around having to patch the code by using the > 'noticeprefix' language string instead; however, that doesn't allow > interpret newlines so I couldn't use this in the way I wanted for > that. > > Now, how much pain could it cause elsewhere to have the string > returned > checked for newlines and subsequently used in output? Indeed, what > if that > is taken a step further for %percent% and ENV vars too? I was thinking > something like: > > > sub DoLineExpansion { # like DoPercentVars but with ENV too > my ($string) = @_; > $string =~ s/\%([^%]+)\%/$PercentVars{lc($1)}/g; > $string =~ s/\$\{?(\w+)\}?/$ENV{$1}/g; > $string =~ s/\\n/\n/g; > $string; > } > > sub LanguageValue { return &DoLineExpansion( FindLanguageValue > ( @_ ) ); } > > > ... where the original LanguageValue function is renamed > FindLanguageValue; > thus, I could then have a line in languages.conf like: > > Notice Prefix: This is a line blah blah\nwith text on another > line\nFrom %org-long-name% > > What could go horribly wrong ... ?!!! > > (I guess this expansion could probably be extended to Value() and > QuickPeek() too at some point ...) > > Chuck > > > This message should be regarded as confidential. If you have > received this > email in error please notify the sender and destroy it immediately. > Statements of intent shall only become binding when confirmed in > hard copy > by an authorized signatory. > > > -- > This message has been scanned for viruses and potentially > harmful content by StreamShield Protector. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 16:43:51 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Hi, I would first have a look at the following MailScanner configuration setting: "Allowed Sophos Error Messages =" > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted > (530) > > and the user is howling because they can't email their spreadsheet. I > ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utility > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started in > the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect > Sheet feature of Excel has been used and a password was entered here. > She doesn't know the password. We cracked it and an unprotected > version of the file gets a zero return code from Sophos. ClamAV has > no problems with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus > scanners to determine virus or not? Or does it consider non-zero > return codes, eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 16:50:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: The Sophos command-line switches (for the 'sophos' scanner) are -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks --no- reset-atime -TNEF You find them from the "ScanOptions" + "CommonOptions" in SweepViruses.pm + whatever may be specified in addition in /usr/lib/ MailScanner/sophos-wrapper. For the sophossavi scanner, the options are set by this bit of code: my @options = qw( FullSweep DynamicDecompression FullMacroSweep OLE2Handling IgnoreTemplateBit VBA3Handling VBA5Handling OF95DecryptHandling HelpHandling DecompressVBA5 Emulation PEHandling ExcelFormulaHandling PowerPointMacroHandling PowerPointEmbeddedHandling ProjectHandling ZipDecompression ArjDecompression RarDecompression UueDecompression GZipDecompression TarDecompression CmzDecompression HqxDecompression MbinDecompression !LoopBackEnabled Lha SfxArchives MSCabinet TnefAttachmentHandling MSCompress !DeleteAllMacros Vbe !ExecFileDisinfection VisioFileHandling Mime ActiveMimeHandling !DelVBA5Project ScrapObjectHandling SrpStreamHandling Office2001Handling Upx PalmPilotHandling HqxDecompression Pdf Rtf Html Elf WordB OutlookExpress ); my $error = $SAVI->set('MaxRecursionDepth', 30, 1); The "Encrypted Messages" options in MailScanner are designed to pick up things like SMIME messages and PGP encrypted messages. They are not relevant to your problem here. What I suspect you are looking for is the "Allowed Sophos Error Messages" option in MailScanner.conf. The doc for this is: # Anything on the next line that appears in brackets at the end of a line # of output from Sophos will cause the error/infection to be ignored. # Use of this option is dangerous, and should only be used if you are having # trouble with lots of corrupt PDF files, for example. # If you need to specify more than 1 string to find in the error message, # then put each string in quotes and separate them with a comma. # For example: #Allowed Sophos Error Messages = "corrupt", "format not supported" Let me know if this helps or whether you actually need a change in the MailScanner code. The allowed-error-messages code was written quite a long time ago, and Sophos may have changed their output since, making this option useless to you. On 2 Jun 2005, at 16:35, Jeff A. Earickson wrote: > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) > > and the user is howling because they can't email their spreadsheet. > I ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utility > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started > in the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect > Sheet > feature of Excel has been used and a password was entered here. She > doesn't know the password. We cracked it and an unprotected version > of the file gets a zero return code from Sophos. ClamAV has no > problems with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus > scanners > to determine virus or not? Or does it consider non-zero return codes, > eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 16:49:20 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Oh happy day! Would I just set this to: Allowed Sophos Error Messages = "File was encrypted" That's it?? Jeff On Thu, 2 Jun 2005, Anthony Peacock wrote: > Date: Thu, 2 Jun 2005 16:43:51 +0100 > From: Anthony Peacock > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > Hi, > > I would first have a look at the following MailScanner configuration > setting: > > "Allowed Sophos Error Messages =" > >> Julian, >> >> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 >> (clamavmodule). >> >> A password protected Excel spreadsheet is getting stopped by Sophos >> with the MailScanner report saying: >> >> SophosSAVI: 94237001F.xls caused an error: File was encrypted >> (530) >> >> and the user is howling because they can't email their spreadsheet. I >> ran the Excel file thru sweep by hand, eg: >> >> === Checking 94237001F.xls with Sophos sweep >> SWEEP virus detection utility >> Version 3.94.0 [Solaris/SPARC] >> Virus data version 3.94, June 2005 >> Includes detection for 105167 viruses, trojans and worms >> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com >> >> System time 11:03:52, System date 02 June 2005 >> Command line qualifiers are: -sc -f -all -rec -archive -loopback >> --no-follow-symlinks --no-reset-atime -tnef >> >> (BTW, do these settings match MS? Where to find them in MS?) >> >> IDE directory is: /opt/sophos/ide >> ..... >> Full Sweeping >> >> Password protected file 94237001F.xls >> >> 1 file swept in 3 seconds. >> 1 error was encountered. >> No viruses were discovered. >> 1 encrypted file was not checked. >> End of Sweep. >> >> And sweep gives back a return code of 2. This problem just started in >> the last month, eg Sophos 3.93.2 and 3.94 releases. >> >> The user has a spreadsheet where the Tools -> Protection -> Protect >> Sheet feature of Excel has been used and a password was entered here. >> She doesn't know the password. We cracked it and an unprotected >> version of the file gets a zero return code from Sophos. ClamAV has >> no problems with either version of the file. >> >> I have "Block Encrypted Messages = no" in the MailScanner.conf file. >> >> Suggestions please? Anything that could be done with MailScanner? >> Does MS only look at zero/non-zero return codes from the virus >> scanners to determine virus or not? Or does it consider non-zero >> return codes, eg "2 means encrypted" (I'm guessing here)? >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "It is easy to be blinded to the essential uselessness of > computers by the sense of accomplishment you get from > getting them to work at all." -- Douglas Adams > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 16:55:05 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Hi, > Oh happy day! Would I just set this to: > > Allowed Sophos Error Messages = "File was encrypted" > > That's it?? I haven't used it for this particular error message, but did use it a while back for "Corrupt". What you have above would fit the documented behaviour of that setting. > > Jeff > > On Thu, 2 Jun 2005, Anthony Peacock wrote: > > > Date: Thu, 2 Jun 2005 16:43:51 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner mailing list To: > > MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos killing protected > > Excel spreadsheets > > > > Hi, > > > > I would first have a look at the following MailScanner configuration > > setting: > > > > "Allowed Sophos Error Messages =" > > > >> Julian, > >> > >> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav > >> 0.85.1 (clamavmodule). > >> > >> A password protected Excel spreadsheet is getting stopped by Sophos > >> with the MailScanner report saying: > >> > >> SophosSAVI: 94237001F.xls caused an error: File was encrypted > >> (530) > >> > >> and the user is howling because they can't email their spreadsheet. > >> I ran the Excel file thru sweep by hand, eg: > >> > >> === Checking 94237001F.xls with Sophos sweep > >> SWEEP virus detection utility > >> Version 3.94.0 [Solaris/SPARC] > >> Virus data version 3.94, June 2005 > >> Includes detection for 105167 viruses, trojans and worms > >> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > >> > >> System time 11:03:52, System date 02 June 2005 > >> Command line qualifiers are: -sc -f -all -rec -archive > >> -loopback > >> --no-follow-symlinks --no-reset-atime -tnef > >> > >> (BTW, do these settings match MS? Where to find them in > >> MS?) > >> > >> IDE directory is: /opt/sophos/ide > >> ..... > >> Full Sweeping > >> > >> Password protected file 94237001F.xls > >> > >> 1 file swept in 3 seconds. > >> 1 error was encountered. > >> No viruses were discovered. > >> 1 encrypted file was not checked. > >> End of Sweep. > >> > >> And sweep gives back a return code of 2. This problem just started > >> in the last month, eg Sophos 3.93.2 and 3.94 releases. > >> > >> The user has a spreadsheet where the Tools -> Protection -> Protect > >> Sheet feature of Excel has been used and a password was entered > >> here. She doesn't know the password. We cracked it and an > >> unprotected version of the file gets a zero return code from > >> Sophos. ClamAV has no problems with either version of the file. > >> > >> I have "Block Encrypted Messages = no" in the MailScanner.conf > >> file. > >> > >> Suggestions please? Anything that could be done with MailScanner? > >> Does MS only look at zero/non-zero return codes from the virus > >> scanners to determine virus or not? Or does it consider non-zero > >> return codes, eg "2 means encrypted" (I'm guessing here)? > >> > >> Jeff Earickson > >> Colby College > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. Before posting, read > >> the Wiki (http://wiki.mailscanner.info/) and the archives > >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "It is easy to be blinded to the essential uselessness of > > computers by the sense of accomplishment you get from > > getting them to work at all." -- Douglas Adams > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 17:04:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: On 2 Jun 2005, at 16:55, Anthony Peacock wrote: > Hi, > > >> Oh happy day! Would I just set this to: >> >> Allowed Sophos Error Messages = "File was encrypted" >> >> That's it?? >> > > I haven't used it for this particular error message, but did use it a > while back for "Corrupt". > > What you have above would fit the documented behaviour of that > setting. The "Allowed Sophos Error Messages" is currently not applied to the sophossavi scanner, only the sophos scanner. Would you like me to add some code to implement the same support in sophossavi? >> On Thu, 2 Jun 2005, Anthony Peacock wrote: >>> Date: Thu, 2 Jun 2005 16:43:51 +0100 >>> From: Anthony Peacock >>> Reply-To: MailScanner mailing list To: >>> MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos killing protected >>> Excel spreadsheets >>> >>> Hi, >>> >>> I would first have a look at the following MailScanner configuration >>> setting: >>> >>> "Allowed Sophos Error Messages =" >>> >>> >>>> Julian, >>>> >>>> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav >>>> 0.85.1 (clamavmodule). >>>> >>>> A password protected Excel spreadsheet is getting stopped by Sophos >>>> with the MailScanner report saying: >>>> >>>> SophosSAVI: 94237001F.xls caused an error: File was encrypted >>>> (530) >>>> >>>> and the user is howling because they can't email their spreadsheet. >>>> I ran the Excel file thru sweep by hand, eg: >>>> >>>> === Checking 94237001F.xls with Sophos sweep >>>> SWEEP virus detection utility >>>> Version 3.94.0 [Solaris/SPARC] >>>> Virus data version 3.94, June 2005 >>>> Includes detection for 105167 viruses, trojans and worms >>>> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com >>>> >>>> System time 11:03:52, System date 02 June 2005 >>>> Command line qualifiers are: -sc -f -all -rec -archive >>>> -loopback >>>> --no-follow-symlinks --no-reset-atime -tnef >>>> >>>> (BTW, do these settings match MS? Where to find them in >>>> MS?) >>>> >>>> IDE directory is: /opt/sophos/ide >>>> ..... >>>> Full Sweeping >>>> >>>> Password protected file 94237001F.xls >>>> >>>> 1 file swept in 3 seconds. >>>> 1 error was encountered. >>>> No viruses were discovered. >>>> 1 encrypted file was not checked. >>>> End of Sweep. >>>> >>>> And sweep gives back a return code of 2. This problem just started >>>> in the last month, eg Sophos 3.93.2 and 3.94 releases. >>>> >>>> The user has a spreadsheet where the Tools -> Protection -> Protect >>>> Sheet feature of Excel has been used and a password was entered >>>> here. She doesn't know the password. We cracked it and an >>>> unprotected version of the file gets a zero return code from >>>> Sophos. ClamAV has no problems with either version of the file. >>>> >>>> I have "Block Encrypted Messages = no" in the MailScanner.conf >>>> file. >>>> >>>> Suggestions please? Anything that could be done with MailScanner? >>>> Does MS only look at zero/non-zero return codes from the virus >>>> scanners to determine virus or not? Or does it consider non-zero >>>> return codes, eg "2 means encrypted" (I'm guessing here)? >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. Before posting, read >>>> the Wiki (http://wiki.mailscanner.info/) and the archives >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> Anthony Peacock >>> CHIME, Royal Free & University College Medical School >>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>> "It is easy to be blinded to the essential uselessness of >>> computers by the sense of accomplishment you get from >>> getting them to work at all." -- Douglas Adams >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "In the beginning of a change, the patriot is a brave and scarce man, > hated and scorned. When the cause succeeds, however, the timid join > him...for then it costs nothing to be a patriot." -Mark Twain > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu Jun 2 17:09:05 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: I think that it would be a good addition to add the functionality for SophosSAVI. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Julian Field wrote: > On 2 Jun 2005, at 16:55, Anthony Peacock wrote: >> Hi, >> >> >>> Oh happy day! Would I just set this to: >>> >>> Allowed Sophos Error Messages = "File was encrypted" >>> >>> That's it?? >>> >> >> I haven't used it for this particular error message, but did use it >> a while back for "Corrupt". >> >> What you have above would fit the documented behaviour of that >> setting. > > The "Allowed Sophos Error Messages" is currently not applied to the > sophossavi scanner, only the sophos scanner. > Would you like me to add some code to implement the same support in > sophossavi? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 17:50:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Consider it done. Patch attached. Aaron K. Moore wrote: >I think that it would be a good addition to add the functionality for >SophosSAVI. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 16:40:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Jeff try ammending the Allowed Sophos Error Messages = "corrupt", "format not supported" In MailScanner.conf to Allowed Sophos Error Messages = "corrupt", "format not supported", "Password protected file" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) > > and the user is howling because they can't email their spreadsheet. > I ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utilityPassword protected file > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started in > the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect Sheet > feature of Excel has been used and a password was entered here. She > doesn't know the password. We cracked it and an unprotected version > of the file gets a zero return code from Sophos. ClamAV has no problems > with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus scanners > to determine virus or not? Or does it consider non-zero return codes, > eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 17:14:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian Field wrote: > On 2 Jun 2005, at 16:55, Anthony Peacock wrote: > >> Hi, >> >> >>> Oh happy day! Would I just set this to: >>> >>> Allowed Sophos Error Messages = "File was encrypted" >>> >>> That's it?? >>> >> >> I haven't used it for this particular error message, but did use it a >> while back for "Corrupt". >> >> What you have above would fit the documented behaviour of that >> setting. > > > The "Allowed Sophos Error Messages" is currently not applied to the > sophossavi scanner, only the sophos scanner. > Would you like me to add some code to implement the same support in > sophossavi? > > Julian yes please... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 18:00:27 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, I've set Allowed Sophos Error Messages = "File was encrypted", changed from sophossavi to sophos, and asked the howling user to send me an encrypted Excel spreadsheet to see if this fixes the issue. Then I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. Since there have two or three patches emailed out re 4.42.9, maybe it is time to slap 4.43.x beta out there, and I'll just go to that... Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 17:50:16 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > Consider it done. > Patch attached. > > Aaron K. Moore wrote: > >> I think that it would be a good addition to add the functionality for >> SophosSAVI. >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 18:05:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would like confirmation that my patches for Config.pm (\n in settings) and SweepViruses.pm (Allowed Sophos Error Messages implemented for SophosSAVI scanner) both work as intended before I publish a beta. But maybe that is slightly self-defeating. Sod it, I'll put out a beta for you. 4.43.1 on its way. Jeff A. Earickson wrote: > Julian, > > I've set Allowed Sophos Error Messages = "File was encrypted", changed > from sophossavi to sophos, and asked the howling user to send me > an encrypted Excel spreadsheet to see if this fixes the issue. Then > I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. > > Since there have two or three patches emailed out re 4.42.9, maybe it > is time to slap 4.43.x beta out there, and I'll just go to that... > > Jeff Earickson > Colby College > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 17:50:16 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Sophos killing protected Excel spreadsheets >> >> Consider it done. >> Patch attached. >> >> Aaron K. Moore wrote: >> >>> I think that it would be a good addition to add the functionality for >>> SophosSAVI. >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 18:24:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the first beta release of next month's version, 4.43.1. Download as usual from www.mailscanner.info. Please can you give it a try and let me know how you get on. The Change Log is: * New Features and Improvements * - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well as the command-line Sophos scanner. - "\n" can be used to insert line breaks in just about any configuration setting or languages.conf string. * Fixes * - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of "MailScanner Version Number" rather than copying it over from the old one. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From denis at CROOMBS.ORG Thu Jun 2 19:09:47 2005 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:29:53 2006 Subject: Clamav, MailScanner & Ensim server Message-ID: I have been using this for many years now but this is causing me a BIG problem, I have tried chaging the compression ratio up to 1000, but I still get same error as below in /var/log/maillog and it removes the zip files. Report: ClamAV: Apr2003-Mar2004v2.zip contains Oversized Zip ClamAV: Load test from Globix Results.zip contains Oversized Zip Report: ClamAV: Load test from Globix Results.zip contains Oversized Zip Any clues ? Thanks Denis ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 19:29:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, My howling user could successfully email her spreadsheet with the tweaks below. Now to upgrade to 4.43.1 and repeat the test. Stay tuned. Jeff On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 18:05:54 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > I would like confirmation that my patches for Config.pm (\n in settings) and > SweepViruses.pm (Allowed Sophos Error Messages implemented for SophosSAVI > scanner) both work as intended before I publish a beta. > > But maybe that is slightly self-defeating. Sod it, I'll put out a beta for > you. 4.43.1 on its way. > > Jeff A. Earickson wrote: > >> Julian, >> >> I've set Allowed Sophos Error Messages = "File was encrypted", changed >> from sophossavi to sophos, and asked the howling user to send me >> an encrypted Excel spreadsheet to see if this fixes the issue. Then >> I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. >> >> Since there have two or three patches emailed out re 4.42.9, maybe it >> is time to slap 4.43.x beta out there, and I'll just go to that... >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 17:50:16 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Sophos killing protected Excel spreadsheets >>> >>> Consider it done. >>> Patch attached. >>> >>> Aaron K. Moore wrote: >>> >>>> I think that it would be a good addition to add the functionality for >>>> SophosSAVI. >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 20:14:55 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: Julian, When I ran upgrade_MailScanner_conf and then looked at the outputs of new and old side-by-side, the version number fix did: # This is the version number of the MailScanner distribution that created # this configuration file. Please do not change this value. MailScanner Version Number = 4.43.1 # This is the version number of the MailScanner distribution that created # this configuration file. Please do not change this value. in the new output. The last three lines got duplicated, which is probably not what you wanted. BTW, I wasn't aware of upgrade_MailScanner_conf. Don't know how I missed this gem. Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 18:24:54 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Beta 4.43.1 released > > I have just released the first beta release of next month's version, 4.43.1. > Download as usual from www.mailscanner.info. > > Please can you give it a try and let me know how you get on. > > The Change Log is: > > * New Features and Improvements * > - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well > as the command-line Sophos scanner. > - "\n" can be used to insert line breaks in just about any configuration > setting or languages.conf string. > > * Fixes * > - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of > "MailScanner Version Number" rather than copying it over from the old one. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 20:37:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > When I ran upgrade_MailScanner_conf and then looked at the outputs > of new and old side-by-side, the version number fix did: > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > MailScanner Version Number = 4.43.1 > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > > in the new output. The last three lines got duplicated, which is > probably > not what you wanted. Doesn't seem to do it with my copy of the script. Can you mail me (off-list) the MailScanner.conf and MailScanner.conf.rpmnew files (or equivalents) you have to see if I can reproduce it please? > BTW, I wasn't aware of upgrade_MailScanner_conf. > Don't know how I missed this gem. It's been around for a very long time now, it makes upgrading a 5 minute job instead of a 1 hour job. :-) > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 18:24:54 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Beta 4.43.1 released >> >> I have just released the first beta release of next month's version, >> 4.43.1. >> Download as usual from www.mailscanner.info. >> >> Please can you give it a try and let me know how you get on. >> >> The Change Log is: >> >> * New Features and Improvements * >> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as >> well >> as the command-line Sophos scanner. >> - "\n" can be used to insert line breaks in just about any configuration >> setting or languages.conf string. >> >> * Fixes * >> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new >> value of >> "MailScanner Version Number" rather than copying it over from the old >> one. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 20:52:41 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: Julian, My testing of the sophossavi tweak: 1) Email encrypted xls file, settings are: Allowed Sophos Error Messages = "File was encrypted" Virus Scanners = sophos clamavmodule Email delivered, no complaints in syslog (OK) 2) Email encrypted xls file, settings are: Allowed Sophos Error Messages = "File was encrypted" Virus Scanners = sophossavi clamavmodule Email delivered, but MailScanner syslogged: SophosSAVI::ERROR:: File was encrypted (530):: ./j52JOpu2020635/94237001F.xls I would expect MailScanner to be quiet like the "sophos" setting. People will think that a bad file had slipped thru. 3) Email encrypted xls file, settings are: Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule THE MESSAGE GOT DELIVERED!! No complaints in syslog, landed in the recipient's mail. A bad file DID slip thru. 3) Email encrypted xls file, settings are: Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule Properly blocked, noted in syslog, not delivered (OK). Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 21:02:45 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: Julian, Attached is my MailScanner.conf from version 4.42.3 (old version). I did the following: 1) untar MailScanner-4.43.1-1.tar.gz into /opt, so the install ends up as /opt/MailScanner-4.43.1. 2) cd /opt/MailScanner-4.43.1/etc 3) ../bin/upgrade_MailScanner_conf --keep-comments \ /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner-4.43.1/etc/MailScanner.conf > MailScanner.new where the /opt/MailScanner/etc/MailScanner.conf points to the attached file. Jeff On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 20:37:52 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.43.1 released > > Jeff A. Earickson wrote: > >> Julian, >> When I ran upgrade_MailScanner_conf and then looked at the outputs >> of new and old side-by-side, the version number fix did: >> >> # This is the version number of the MailScanner distribution that created >> # this configuration file. Please do not change this value. >> MailScanner Version Number = 4.43.1 >> >> # This is the version number of the MailScanner distribution that created >> # this configuration file. Please do not change this value. >> >> in the new output. The last three lines got duplicated, which is probably >> not what you wanted. > > Doesn't seem to do it with my copy of the script. Can you mail me (off-list) > the MailScanner.conf and MailScanner.conf.rpmnew files (or equivalents) you > have to see if I can reproduce it please? > >> BTW, I wasn't aware of upgrade_MailScanner_conf. >> Don't know how I missed this gem. > > It's been around for a very long time now, it makes upgrading a 5 minute job > instead of a 1 hour job. > :-) > >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 18:24:54 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Beta 4.43.1 released >>> >>> I have just released the first beta release of next month's version, >>> 4.43.1. >>> Download as usual from www.mailscanner.info. >>> >>> Please can you give it a try and let me know how you get on. >>> >>> The Change Log is: >>> >>> * New Features and Improvements * >>> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well >>> as the command-line Sophos scanner. >>> - "\n" can be used to insert line breaks in just about any configuration >>> setting or languages.conf string. >>> >>> * Fixes * >>> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value >>> of >>> "MailScanner Version Number" rather than copying it over from the old one. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:23:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please try the attached patch to see if it helps problem 3. The syslogging should be fixed. Jeff A. Earickson wrote: > Julian, > > My testing of the sophossavi tweak: > > 1) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = "File was encrypted" > Virus Scanners = sophos clamavmodule > > Email delivered, no complaints in syslog (OK) > > 2) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = "File was encrypted" > Virus Scanners = sophossavi clamavmodule > > Email delivered, but MailScanner syslogged: > > SophosSAVI::ERROR:: File was encrypted (530):: > ./j52JOpu2020635/94237001F.xls > > I would expect MailScanner to be quiet like the "sophos" > setting. People will think that a bad file had slipped thru. > > 3) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule > > THE MESSAGE GOT DELIVERED!! No complaints in syslog, > landed in the recipient's mail. A bad file DID slip thru. > > 3) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule > > Properly blocked, noted in syslog, not delivered (OK). > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.1KB. ] [ Unable to print this part. ] From lhaig at HAIGMAIL.COM Thu Jun 2 21:25:53 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone else having trouble downloading from their site? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:38:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Attached is a new upgrade_MailScanner_conf which keeps the comments around the MailScanner Version Number setting when --keep-comments is used. Jeff A. Earickson wrote: > Julian, > Attached is my MailScanner.conf from version 4.42.3 (old version). > I did the following: > > 1) untar MailScanner-4.43.1-1.tar.gz into /opt, so the install ends up as > /opt/MailScanner-4.43.1. > > 2) cd /opt/MailScanner-4.43.1/etc > > 3) ../bin/upgrade_MailScanner_conf --keep-comments \ > /opt/MailScanner/etc/MailScanner.conf > /opt/MailScanner-4.43.1/etc/MailScanner.conf > MailScanner.new > > where the /opt/MailScanner/etc/MailScanner.conf points to the attached > file. > > Jeff > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 20:37:52 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Beta 4.43.1 released >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> When I ran upgrade_MailScanner_conf and then looked at the outputs >>> of new and old side-by-side, the version number fix did: >>> >>> # This is the version number of the MailScanner distribution that >>> created >>> # this configuration file. Please do not change this value. >>> MailScanner Version Number = 4.43.1 >>> >>> # This is the version number of the MailScanner distribution that >>> created >>> # this configuration file. Please do not change this value. >>> >>> in the new output. The last three lines got duplicated, which is >>> probably >>> not what you wanted. >> >> >> Doesn't seem to do it with my copy of the script. Can you mail me >> (off-list) the MailScanner.conf and MailScanner.conf.rpmnew files (or >> equivalents) you have to see if I can reproduce it please? >> >>> BTW, I wasn't aware of upgrade_MailScanner_conf. >>> Don't know how I missed this gem. >> >> >> It's been around for a very long time now, it makes upgrading a 5 >> minute job instead of a 1 hour job. >> :-) >> >>> On Thu, 2 Jun 2005, Julian Field wrote: >>> >>>> Date: Thu, 2 Jun 2005 18:24:54 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Beta 4.43.1 released >>>> >>>> I have just released the first beta release of next month's >>>> version, 4.43.1. >>>> Download as usual from www.mailscanner.info. >>>> >>>> Please can you give it a try and let me know how you get on. >>>> >>>> The Change Log is: >>>> >>>> * New Features and Improvements * >>>> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner >>>> as well >>>> as the command-line Sophos scanner. >>>> - "\n" can be used to insert line breaks in just about any >>>> configuration >>>> setting or languages.conf string. >>>> >>>> * Fixes * >>>> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new >>>> value of >>>> "MailScanner Version Number" rather than copying it over from the >>>> old one. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Thu Jun 2 21:42:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: Julian, Nope, same result for 3. I'll test more in the morning when I'm fresh. Do you need the encrypted xls file? And what is your off-list email address? I fumbled that one and accidently posted to the list. Doh. Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 21:23:38 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.43.1 sophossavi testing > > Please try the attached patch to see if it helps problem 3. The syslogging > should be fixed. > > Jeff A. Earickson wrote: > >> Julian, >> >> My testing of the sophossavi tweak: >> >> 1) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = "File was encrypted" >> Virus Scanners = sophos clamavmodule >> >> Email delivered, no complaints in syslog (OK) >> >> 2) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = "File was encrypted" >> Virus Scanners = sophossavi clamavmodule >> >> Email delivered, but MailScanner syslogged: >> >> SophosSAVI::ERROR:: File was encrypted (530):: >> ./j52JOpu2020635/94237001F.xls >> >> I would expect MailScanner to be quiet like the "sophos" >> setting. People will think that a bad file had slipped thru. >> >> 3) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >> >> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >> landed in the recipient's mail. A bad file DID slip thru. >> >> 3) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule >> >> Properly blocked, noted in syslog, not delivered (OK). >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:45:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The encrypted xls file would really help, then I can actually test it myself :-) mailscanner@ecs.soton.ac.uk. Jeff A. Earickson wrote: > Julian, > Nope, same result for 3. I'll test more in the morning when I'm fresh. > Do you need the encrypted xls file? And what is your off-list email > address? I fumbled that one and accidently posted to the list. Doh. > > Jeff Earickson > Colby College > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 21:23:38 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.43.1 sophossavi testing >> >> Please try the attached patch to see if it helps problem 3. The >> syslogging should be fixed. >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> >>> My testing of the sophossavi tweak: >>> >>> 1) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = "File was encrypted" >>> Virus Scanners = sophos clamavmodule >>> >>> Email delivered, no complaints in syslog (OK) >>> >>> 2) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = "File was encrypted" >>> Virus Scanners = sophossavi clamavmodule >>> >>> Email delivered, but MailScanner syslogged: >>> >>> SophosSAVI::ERROR:: File was encrypted (530):: >>> ./j52JOpu2020635/94237001F.xls >>> >>> I would expect MailScanner to be quiet like the "sophos" >>> setting. People will think that a bad file had slipped thru. >>> >>> 3) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >>> >>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>> landed in the recipient's mail. A bad file DID slip thru. >>> >>> 3) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>> clamavmodule >>> >>> Properly blocked, noted in syslog, not delivered (OK). >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:50:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] By the way, you might need to put it on a www server and mail me a url to it. Also, what happens if you do cd wherever-it-is-stored /usr/lib/MailScanner/sophos-wrapper /usr/local/sophos -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks --no-reset-atime -TNEF . (all that last bit on 1 line, and don't forget the "." on the end) What is the output? This will help me a lot to track it down. Julian Field wrote: > The encrypted xls file would really help, then I can actually test it > myself :-) > mailscanner@ecs.soton.ac.uk. > > Jeff A. Earickson wrote: > >> Julian, >> Nope, same result for 3. I'll test more in the morning when I'm >> fresh. >> Do you need the encrypted xls file? And what is your off-list email >> address? I fumbled that one and accidently posted to the list. Doh. >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 21:23:38 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.43.1 sophossavi testing >>> >>> Please try the attached patch to see if it helps problem 3. The >>> syslogging should be fixed. >>> >>> Jeff A. Earickson wrote: >>> >>>> Julian, >>>> >>>> My testing of the sophossavi tweak: >>>> >>>> 1) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = "File was encrypted" >>>> Virus Scanners = sophos clamavmodule >>>> >>>> Email delivered, no complaints in syslog (OK) >>>> >>>> 2) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = "File was encrypted" >>>> Virus Scanners = sophossavi clamavmodule >>>> >>>> Email delivered, but MailScanner syslogged: >>>> >>>> SophosSAVI::ERROR:: File was encrypted (530):: >>>> ./j52JOpu2020635/94237001F.xls >>>> >>>> I would expect MailScanner to be quiet like the "sophos" >>>> setting. People will think that a bad file had slipped thru. >>>> >>>> 3) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >>>> >>>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>>> landed in the recipient's mail. A bad file DID slip thru. >>>> >>>> 3) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>>> clamavmodule >>>> >>>> Properly blocked, noted in syslog, not delivered (OK). >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ellis at KAZAKCOMPOSITES.COM Thu Jun 2 21:54:30 2005 From: ellis at KAZAKCOMPOSITES.COM (Steve Ellis) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that were previously deleted due to High scoring spam action are now also being virus scanned. Is this the result of a design change that I missed, or a bug? If it's from a design change is there any setting which would give the previous behavior? I have Silent Viruses = All-Viruses Quarantine Silent Viruses = no Keep Spam And MCP Archive Clean = no Example Log entry: Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, SpamAssassin (score=36.958, required 5, autolearn=spam, .... Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message j52BqPBf030435 actions are delete Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 *********** KaZaK Composites, Inc CONFIDENTIAL *********** Unless otherwise specified, the information contained in this e-mail message should be considered: privileged, confidential, and protected from disclosure. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:00:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Ellis wrote: > Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that > were previously deleted due to High scoring spam action are now also > being virus scanned. Is this the result of a design change that I > missed, or a bug? If it's from a design change is there any setting > which would give the previous behavior? They may be virus scanned, but is this fact actually reflected in what happens to the message? > > I have > Silent Viruses = All-Viruses > Quarantine Silent Viruses = no > Keep Spam And MCP Archive Clean = no > > Example Log entry: > Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from > 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, > SpamAssassin (score=36.958, required 5, autolearn=spam, .... > Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message > j52BqPBf030435 actions are delete > Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: > Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif > > > > > Steve Ellis > Sr. Engineer > KaZaK Composites, Inc > > 781.932.5667 x105 > > *********** KaZaK Composites, Inc CONFIDENTIAL *********** > Unless otherwise specified, the information contained in this > e-mail message should be considered: privileged, confidential, > and protected from disclosure. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 2 21:53:22 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > When I ran upgrade_MailScanner_conf and then looked at the outputs > of new and old side-by-side, the version number fix did: > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > MailScanner Version Number = 4.43.1 > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > > in the new output. The last three lines got duplicated, which is probably > not what you wanted. BTW, I wasn't aware of upgrade_MailScanner_conf. > Don't know how I missed this gem. Then you've probably not seen the MAQ page... there are many other gems in there... have a look :). http://wiki.mailscanner.info/doku.php?id=maq:index ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 2 21:57:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:14:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is partly a design change, but you have pointed out a common case where my current version is inefficient. If "Keep Spam And MCP Archive Clean" is no then there is no need to keep processing messages that won't be delivered. Please try the attached patch for MessageBatch.pm and let me know how you get on. Steve Ellis wrote: > Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that > were previously deleted due to High scoring spam action are now also > being virus scanned. Is this the result of a design change that I > missed, or a bug? If it's from a design change is there any setting > which would give the previous behavior? > > I have > Silent Viruses = All-Viruses > Quarantine Silent Viruses = no > Keep Spam And MCP Archive Clean = no > > Example Log entry: > Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from > 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, > SpamAssassin (score=36.958, required 5, autolearn=spam, .... > Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message > j52BqPBf030435 actions are delete > Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: > Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif > > > > > Steve Ellis > Sr. Engineer > KaZaK Composites, Inc > > 781.932.5667 x105 > > *********** KaZaK Composites, Inc CONFIDENTIAL *********** > Unless otherwise specified, the information contained in this > e-mail message should be considered: privileged, confidential, > and protected from disclosure. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 818bytes. ] [ Unable to print this part. ] From ellis at KAZAKCOMPOSITES.COM Thu Jun 2 22:18:46 2005 From: ellis at KAZAKCOMPOSITES.COM (Steve Ellis) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: Julian wrote: >They may be virus scanned, but is this fact actually reflected in what >happens to the message? The message does get virus scanned, followed by filename and type checked. Then the message is deleted. Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 *********** KaZaK Composites, Inc CONFIDENTIAL *********** Unless otherwise specified, the information contained in this e-mail message should be considered: privileged, confidential, and protected from disclosure. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:22:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Ellis wrote: > Julian wrote: > > >> They may be virus scanned, but is this fact actually reflected in >> what happens to the message? > > > The message does get virus scanned, followed by filename and type > checked. Then the message is deleted. With my patch the messages should get deleted after they are MCP and spam scanned. The other tests would have been necessary if any part of the spam+mcp archive was being kept clean. The patch optimises the simple case when it is "no" for all messages. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Fri Jun 3 00:18:30 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:53 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 2 Jun 2005 11:13 pm, Martin Wozenilek wrote: > There are two different downloads from mcafee: > > - McAfee VirusScan Command Line Scanner for Linux > - McAfee VirusScan Command Line Scanner for RedHat 9 and Suse 8.x Linux > > http://www.mcafeesecurity.com/de/downloads/evals/default.asp And don't forget the Pentium optimised versions for Linux too. We've seen big improvements in scanning speed (20-30% on some compressed files for example) over the standard i386 version. Don't try to run the Pentium optimised versions on Pentium-classic (ie, pre PPro/PII) - you need a "686" class processor or better. The "586" doesn't cut it :) Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Fri Jun 3 01:36:44 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: However many levels I provide, people always ask for another one :-) This is pretty easy to implement with a Custom Function. I will have to look at Custom Functions... thanks If you effectively want to score blacklists, then do it in SpamAssassin, that provides a system to do all this. If something is on a Blacklist... I don't want SpamAssassin to look at it at all. I want to either mark as high level Spam or Delete it. There is a generic virus scanner module, but not a generic spam scanner module. I will take a look at this one. Thanks! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From taz at TAZ-MANIA.COM Fri Jun 3 01:46:33 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Another thing that would be great is in the rules being able to set a separate To: and From: for the same rule. I have two mail hubs that receive email, scan it and send it on to another mail server where the users reside. Actually depending on the domain that could be one of many destination mail servers. So the Hub has no knowledge of what a valid end user email address is. However I do occasionally get requests from users to whitelist certain from addresses, but I would like to say on some of them to whitelist From:xxx@example.com To:yyy@domain.net. So the whitelist doesn't effect other users. There are many times where I have and need to whitelist anything From:xxx@example.com to anyone or to whitelist everything To:yyy@domain.net as well. Thank you -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From SJCJonker at SJC.NL Fri Jun 3 07:11:23 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, I just received 2 copies of an mail containing a text that Osama Bin Laden was captured, with an attachment of pics.zip (900 bytes). Virustotal.com didn't report anything really usefull back, will be doing my rounds through the submissions sites of mcafee,norman, symantec and clamav. Output of virustotal.com: Antivirus Version Update Result AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader AVG 718 06.02.2005 no virus found Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 DrWeb 4.32b 06.02.2005 no virus found eTrust-Iris 7.1.194.0 06.02.2005 no virus found eTrust-Vet 11.9.1.0 06.02.2005 no virus found Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr Ikarus 2.32 06.03.2005 no virus found Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr McAfee 4505 06.02.2005 no virus found NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus Norman 5.70.10 06.03.2005 W32/Downloader Panda 8.02.00 06.02.2005 no virus found Sybari 7.5.1314 06.03.2005 W32/Downloade Symantec 8.0 06.02.2005 no virus found VBA32 3.10.3 06.02.2005 no virus found - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -----BEGIN PGP SIGNATURE----- iD8DBQFCn/SLjU9r45tKnOARAoMyAJ9ojcSzzpMctIV7DWNUgveUhImfqwCfW5Mt 7MMBmTHfBqYwZ6RgQWdecIU= =0Qxy -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Fri Jun 3 07:13:23 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oeps forgot to mention, it's detected on the extension and the heuristics checks. Stijn Jonker said the following on 03/06/2005 08:11: > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). > > Virustotal.com didn't report anything really usefull back, will be doing > my rounds through the submissions sites of mcafee,norman, symantec and > clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found > > -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Fri Jun 3 06:47:55 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:53 2006 Subject: Scanning Encapsulated Messages Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messaged in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jun 3 09:10:19 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Scott, can you send me the link you are using? It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 09:31:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: Dennis AFAIK you can do that already - have a look at the EXAMPLES file in the rules dir. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dennis Willson wrote: > Another thing that would be great is in the rules being able to set a > separate To: and From: for the same rule. > > I have two mail hubs that receive email, scan it and send it on to > another mail server where the users reside. Actually depending on the > domain that could be one of many destination mail servers. So the Hub > has no knowledge of what a valid > end user email address is. However I do occasionally get requests from > users to whitelist certain from addresses, but I would like to say on > some of them to whitelist From:xxx@example.com To:yyy@domain.net. So the > whitelist doesn't effect other users. There are many times where I have > and need to whitelist anything From:xxx@example.com to anyone or to > whitelist everything To:yyy@domain.net as well. > > Thank you > -- > ------------------------------------------------------------------------ > */Dennis Willson/* > taz@taz-mania.com > taz@scubatech.org > > www.taz-mania.com > > Ham: KA6LSW > GMRS: WPSJ953 > SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, > Equip, Altitude > > Life should not be a journey to the grave with the intention of arriving > safely in a nice looking and well preserved body, but rather to skid in > broadside, thoroughly used up, totally worn out, and loudly proclaiming, > "WOW! WHAT A RIDE!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 09:36:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: Or else use the per-domain and per-user white/black lists implemented in CustomConfig.pm. They are dead simple to use. On 3 Jun 2005, at 09:31, Martin Hepworth wrote: > Dennis > > AFAIK you can do that already - have a look at the EXAMPLES file in > the rules dir. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Dennis Willson wrote: > >> Another thing that would be great is in the rules being able to >> set a separate To: and From: for the same rule. >> I have two mail hubs that receive email, scan it and send it on to >> another mail server where the users reside. Actually depending on >> the domain that could be one of many destination mail servers. So >> the Hub has no knowledge of what a valid >> end user email address is. However I do occasionally get requests >> from users to whitelist certain from addresses, but I would like >> to say on some of them to whitelist From:xxx@example.com >> To:yyy@domain.net. So the whitelist doesn't effect other users. >> There are many times where I have and need to whitelist anything >> From:xxx@example.com to anyone or to whitelist everything >> To:yyy@domain.net as well. >> Thank you >> -- >> --------------------------------------------------------------------- >> --- >> */Dennis Willson/* >> taz@taz-mania.com >> taz@scubatech.org >> www.taz-mania.com >> Ham: KA6LSW >> GMRS: WPSJ953 >> SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW >> Photographer, Equip, Altitude >> Life should not be a journey to the grave with the intention of >> arriving safely in a nice looking and well preserved body, but >> rather to skid in broadside, thoroughly used up, totally worn out, >> and loudly proclaiming, "WOW! WHAT A RIDE!" >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> *Support MailScanner development - buy the book off the website!* >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 09:39:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: A new SweepViruses.pm is attached which implements the "Allowed Sophos Error Messages" for the SophosSAVI virus scanner. Let me know if there is still anything you want to change in this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 33KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] On 2 Jun 2005, at 21:50, Julian Field wrote: > By the way, you might need to put it on a www server and mail me a > url to it. > > Also, what happens if you do > cd wherever-it-is-stored > /usr/lib/MailScanner/sophos-wrapper /usr/local/sophos -sc -f -all - > rec -ss -archive -loopback --no-follow-symlinks --no-reset-atime - > TNEF . > (all that last bit on 1 line, and don't forget the "." on the end) > > What is the output? This will help me a lot to track it down. > > Julian Field wrote: > > >> The encrypted xls file would really help, then I can actually test >> it myself :-) >> mailscanner@ecs.soton.ac.uk. >> >> Jeff A. Earickson wrote: >> >> >>> Julian, >>> Nope, same result for 3. I'll test more in the morning when >>> I'm fresh. >>> Do you need the encrypted xls file? And what is your off-list email >>> address? I fumbled that one and accidently posted to the list. >>> Doh. >>> >>> Jeff Earickson >>> Colby College >>> >>> On Thu, 2 Jun 2005, Julian Field wrote: >>> >>> >>>> Date: Thu, 2 Jun 2005 21:23:38 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: 4.43.1 sophossavi testing >>>> >>>> Please try the attached patch to see if it helps problem 3. The >>>> syslogging should be fixed. >>>> >>>> Jeff A. Earickson wrote: >>>> >>>> >>>>> Julian, >>>>> >>>>> My testing of the sophossavi tweak: >>>>> >>>>> 1) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = "File was encrypted" >>>>> Virus Scanners = sophos clamavmodule >>>>> >>>>> Email delivered, no complaints in syslog (OK) >>>>> >>>>> 2) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = "File was encrypted" >>>>> Virus Scanners = sophossavi clamavmodule >>>>> >>>>> Email delivered, but MailScanner syslogged: >>>>> >>>>> SophosSAVI::ERROR:: File was encrypted (530):: ./ >>>>> j52JOpu2020635/94237001F.xls >>>>> >>>>> I would expect MailScanner to be quiet like the "sophos" >>>>> setting. People will think that a bad file had slipped thru. >>>>> >>>>> 3) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = Virus Scanners = sophos >>>>> clamavmodule >>>>> >>>>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>>>> landed in the recipient's mail. A bad file DID slip thru. >>>>> >>>>> 3) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>>>> clamavmodule >>>>> >>>>> Properly blocked, noted in syslog, not delivered (OK). >>>>> >>>>> Jeff Earickson >>>>> Colby College -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 3 09:46:28 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:53 2006 Subject: Clamav, MailScanner & Ensim server Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > me a BIG problem, I have tried chaging the compression ratio > up to 1000, but I still get same error as below in > /var/log/maillog and it removes the zip files. are you using clamav or clamavmodule? If you use clamav you need to tewak clamav-wrapper and add an extra scan option. man clamav will help. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 09:45:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Steve got my first one 23.11 (GMT) last night - clamav picked it up as the name below. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stijn Jonker wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). > > Virustotal.com didn't report anything really usefull back, will be doing > my rounds through the submissions sites of mcafee,norman, symantec and > clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found > > > - -- > Met Vriendelijke groet/Yours Sincerely > Stijn Jonker > -----BEGIN PGP SIGNATURE----- > > iD8DBQFCn/SLjU9r45tKnOARAoMyAJ9ojcSzzpMctIV7DWNUgveUhImfqwCfW5Mt > 7MMBmTHfBqYwZ6RgQWdecIU= > =0Qxy > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jun 3 10:16:37 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: After McAfee and Sophos let us down over the Mytob.gen worm, have decided to install ClamAV as a third A-V engine to be used by MS. Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V engines. Normally do MS install from RPM version downloaded from Julian's site. Where is best source of info/how-to for installing Clam in the above environment? Is it better to do a source install (and subsequent upgrades) or find a suitable RPM from a third party? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 10:24:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: Quentin uses the source, but then I don't run a RPM based systems so.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quentin Campbell wrote: > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Fri Jun 3 10:28:36 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: Hi Quentin, On Fri, 3 Jun 2005, Quentin Campbell wrote: > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? I would grab the source... also once you've done that, run freshclam manually, then cpan -i Mail::ClamAV check /etc/MailScanner/virus.scanners.conf and ensure clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp THen just check the clamav-wrapper to make sure freshclam can update, you will have to make a change vi|pico|mcedit /usr/local/etc/clamd.conf and comment out the Example line and maybe change other things to suite your taste. Of course tell MS to use clamavmodule (it's claimed to be faster than just clamscan on its own, and I would tend to agree) It's all pretty painless :) If i've forgotten somthing I'm sure someone else will throw it in... -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Fri Jun 3 10:45:28 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, We are running the rpm from Dag Wieers repository. You can set up yum to download and install from his directory. Check clamav.net web site under binary ports section. Using Dag's rpm's sets you back about 24 hours after a new release before it's available as rpm. Jens > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 11:09:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] They seem to be "hiding" a small farm behind ftp.bitdefender.com, and at least westpoint.bitdefender.com was very responsive... If you've got transient problems, perhaps try a few times (in the hope you'd reach another mirror that isn't missbehaving... A bit like it used to be/still is with mcafees FTP servers:-). -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Lance Haig Sent: den 3 juni 2005 10:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Trouble downloading Bitdefender? Hi Scott, can you send me the link you are using? It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 11:24:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:install:tarball (slightly rudimentary, but covers how simple it is:-). I do run on an otherwise (mostly) rpm-installed system, but prefer source since I don't want to wait for someone else to package it first (although Dag seems to be very alert... I don't use RH/FC, so that's not relevant to me though:). -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Quentin Campbell Sent: den 3 juni 2005 11:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Installing ClamAV for the first time After McAfee and Sophos let us down over the Mytob.gen worm, have decided to install ClamAV as a third A-V engine to be used by MS. Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V engines. Normally do MS install from RPM version downloaded from Julian's site. Where is best source of info/how-to for installing Clam in the above environment? Is it better to do a source install (and subsequent upgrades) or find a suitable RPM from a third party? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Fri Jun 3 12:20:50 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: > -----Original Message----- > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > Sent: 03 June 2005 07:11 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that > Osama Bin Laden was captured, with an attachment of pics.zip > (900 bytes). > > Virustotal.com didn't report anything really usefull back, > will be doing my rounds through the submissions sites of > mcafee,norman, symantec and clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 > Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 > Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 > Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown > NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found I had F-Prot pick this up first along with trusty old MailScanner..Bitdefender would have as it picked it up as suspicious but MailScanner allowed it through where do I change this behaviour? I had a look in bitdefender-wrapper but couldn't see any config there. Thanks ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fred at EZCOMPUTERS.CO.UK Fri Jun 3 12:20:30 2005 From: fred at EZCOMPUTERS.CO.UK (Steve Spiller) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm new to MailScanner configuration, and want to check something before I make changes to our working email server after a bad experience with a slight change to our Firewall. MailScanner is currently configured to reject all emails which have an attachment with html scripting (which I understand to be a Good Thing). Except one of our suppliers insists that they send their RMA form unzipped, with loads of scripting. They say that their system does not allow them to compress/rename the form prior to sending. From reading the archives and manuals, I gather I need to do something like the following: 1. create a htmlscript.allow.rules (or other name) with the following contents: From: 127.0.0.1 no From: *@awkwardsupplier.com no FromOrTo: default yes 2. Change MailScanner.conf from: Allow Script Tags = no to: Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules Am I correct in believing this will allow virus scanning on their emails, but allow the RMA Form to be received? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Jun 3 12:40:19 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm receiving a lot of them... Only clamav was detecting it on my server in the begining... Now bitdefender is detecting it to. But mcafee does not... ----- Original Message ----- From: "Hywel Burris" To: Sent: Friday, June 03, 2005 8:20 AM Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > > > > -----Original Message----- > > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > > Sent: 03 June 2005 07:11 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hello all, > > > > I just received 2 copies of an mail containing a text that > > Osama Bin Laden was captured, with an attachment of pics.zip > > (900 bytes). > > > > Virustotal.com didn't report anything really usefull back, > > will be doing my rounds through the submissions sites of > > mcafee,norman, symantec and clamav. > > > > Output of virustotal.com: > > Antivirus Version Update Result > > AntiVir 6.30.0.15 06.02.2005 > > Heuristic/Trojan.Downloader > > AVG 718 06.02.2005 no virus found > > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > > ClamAV devel-20050501 06.02.2005 > > Trojan.Downloader.Small-561 > > DrWeb 4.32b 06.02.2005 no virus found > > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > > Ikarus 2.32 06.03.2005 no virus found > > Kaspersky 4.0.2.24 06.03.2005 > > Trojan-Downloader.Win32.Small.axr > > McAfee 4505 06.02.2005 no virus found > > NOD32v2 1.1124 06.02.2005 probably unknown > > NewHeur_PE virus > > Norman 5.70.10 06.03.2005 W32/Downloader > > Panda 8.02.00 06.02.2005 no virus found > > Sybari 7.5.1314 06.03.2005 W32/Downloade > > Symantec 8.0 06.02.2005 no virus found > > VBA32 3.10.3 06.02.2005 no virus found > > > I had F-Prot pick this up first along with trusty old > MailScanner..Bitdefender would have as it picked it up as suspicious but > MailScanner allowed it through where do I change this behaviour? I had a > look in bitdefender-wrapper but couldn't see any config there. > > Thanks > > ************************************************************************ > This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > > Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Jun 3 12:40:39 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry. Mcafee is detecting it too now... ----- Original Message ----- From: "Roger Jochem" To: "MailScanner mailing list" Sent: Friday, June 03, 2005 8:40 AM Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > I'm receiving a lot of them... Only clamav was detecting it on my server in > the begining... Now bitdefender is detecting it to. But mcafee does not... > > ----- Original Message ----- > From: "Hywel Burris" > To: > Sent: Friday, June 03, 2005 8:20 AM > Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > > > > > > > > > -----Original Message----- > > > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > > > Sent: 03 June 2005 07:11 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hello all, > > > > > > I just received 2 copies of an mail containing a text that > > > Osama Bin Laden was captured, with an attachment of pics.zip > > > (900 bytes). > > > > > > Virustotal.com didn't report anything really usefull back, > > > will be doing my rounds through the submissions sites of > > > mcafee,norman, symantec and clamav. > > > > > > Output of virustotal.com: > > > Antivirus Version Update Result > > > AntiVir 6.30.0.15 06.02.2005 > > > Heuristic/Trojan.Downloader > > > AVG 718 06.02.2005 no virus found > > > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > > > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > > > ClamAV devel-20050501 06.02.2005 > > > Trojan.Downloader.Small-561 > > > DrWeb 4.32b 06.02.2005 no virus found > > > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > > > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > > > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > > > Ikarus 2.32 06.03.2005 no virus found > > > Kaspersky 4.0.2.24 06.03.2005 > > > Trojan-Downloader.Win32.Small.axr > > > McAfee 4505 06.02.2005 no virus found > > > NOD32v2 1.1124 06.02.2005 probably unknown > > > NewHeur_PE virus > > > Norman 5.70.10 06.03.2005 W32/Downloader > > > Panda 8.02.00 06.02.2005 no virus found > > > Sybari 7.5.1314 06.03.2005 W32/Downloade > > > Symantec 8.0 06.02.2005 no virus found > > > VBA32 3.10.3 06.02.2005 no virus found > > > > > > I had F-Prot pick this up first along with trusty old > > MailScanner..Bitdefender would have as it picked it up as suspicious but > > MailScanner allowed it through where do I change this behaviour? I had a > > look in bitdefender-wrapper but couldn't see any config there. > > > > Thanks > > > > ************************************************************************ > > This e-mail and any attachments are strictly confidential and intended > solely for the addressee. They may contain information which is covered by > legal, professional or other privilege. If you are not the intended > addressee, you must not copy the e-mail or the attachments, or use them for > any purpose or disclose their contents to any other person. To do so may be > unlawful. If you have received this transmission in error, please notify us > as soon as possible and delete the message and attachments from all places > in your computer where they are stored. > > > > Although we have scanned this e-mail and any attachments for viruses, it > is your responsibility to ensure that they are actually virus free. > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Fri Jun 3 12:55:36 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: 03 June, 2005 10:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.43.1 sophossavi testing > > > A new SweepViruses.pm is attached which implements the "Allowed > Sophos Error Messages" for the SophosSAVI virus scanner. Let me know > if there is still anything you want to change in this. Julian, Is this only for version 4.43 or can we also use it with 4.42? Regards, Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jun 3 13:29:03 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time - thanks for replies - working! Message-ID: Thanks to all who replied. Did install from tar ball. It is working although not in production yet. Neeed to review clamd.conf options and MailScanner.conf changes that are needed. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 03 June 2005 10:17 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Installing ClamAV for the first time > >After McAfee and Sophos let us down over the Mytob.gen worm, have >decided to install ClamAV as a third A-V engine to be used by MS. > >Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V >engines. > >Normally do MS install from RPM version downloaded from Julian's site. > >Where is best source of info/how-to for installing Clam in the above >environment? Is it better to do a source install (and subsequent >upgrades) or find a suitable RPM from a third party? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 13:51:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: You have your yes and no the wrong way round. For mail from localhost and from awkwardsupplier.com you want to allow scripts (i.e. yes), but other mail you want to disallow scripts (i.e. no). The symptom you might have noticed, which indicates you have done something wrong, is that you were changing a setting of "no" to a ruleset for which the default value is "yes". On 3 Jun 2005, at 12:20, Steve Spiller wrote: > I'm new to MailScanner configuration, and want to check something > before I make changes to our working email server after a bad > experience with a slight change to our Firewall. > MailScanner is currently configured to reject all emails which have > an attachment with html scripting (which I understand to be a Good > Thing). Except one of our suppliers insists that they send their > RMA form unzipped, with loads of scripting. They say that their > system does not allow them to compress/rename the form prior to > sending. From reading the archives and manuals, I gather I need to > do something like the following: > > 1. create a htmlscript.allow.rules (or other name) with the > following contents: > From: 127.0.0.1 no > From: *@awkwardsupplier.com no > FromOrTo: default yes > > 2. Change MailScanner.conf from: > Allow Script Tags = no > to: > Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules > > Am I correct in believing this will allow virus scanning on their > emails, but allow the RMA Form to be received? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 13:52:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: On 3 Jun 2005, at 12:55, Adri Koppes wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Julian Field >> Sent: 03 June, 2005 10:40 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.43.1 sophossavi testing >> >> >> A new SweepViruses.pm is attached which implements the "Allowed >> Sophos Error Messages" for the SophosSAVI virus scanner. Let me know >> if there is still anything you want to change in this. >> > > Julian, > > Is this only for version 4.43 or can we also use it with 4.42? Should work fine with 4.42. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 13:53:31 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: SV: Installing ClamAV for the first time - thanks for replies - working! Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't forget to look at/set freshclam.conf (the DNS thing and the "close" Databasemirror things) too. If I understand things correctly, clamd.conf only matters if you use clamavmodule. But you're perhaps going that way? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Quentin Campbell Skickat: fr 2005-06-03 14:29 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Installing ClamAV for the first time - thanks for replies - working! Thanks to all who replied. Did install from tar ball. It is working although not in production yet. Neeed to review clamd.conf options and MailScanner.conf changes that are needed. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 03 June 2005 10:17 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Installing ClamAV for the first time > >After McAfee and Sophos let us down over the Mytob.gen worm, have >decided to install ClamAV as a third A-V engine to be used by MS. > >Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V >engines. > >Normally do MS install from RPM version downloaded from Julian's site. > >Where is best source of info/how-to for installing Clam in the above >environment? Is it better to do a source install (and subsequent >upgrades) or find a suitable RPM from a third party? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 15:55:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Stijn Jonker wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). Just an FYI. Trend Micro sent this out this morning. Looks like having double extension checking on will help filter them out too, if the name.1.zip pattern is consistant... ...Kevin ======================================================= Dear Trend Micro customer, As of June 3, 2005, 1:38 AM PDT (Pacific Daylight Time/GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BOBAX.P. TrendLabs has received several infection reports indicating that this malware is spreading in Australia, India, Ireland, Japan, Peru, Singapore, and the United States. This memory-resident worm usually arrives on a system as a downloaded file of TROJ_SMALL.AHE. It spreads by sending a copy of TROJ_SMALL.AHE as an attachment to an email message that it sends using its own Simple Mail Transfer Protocol (SMTP) engine. The message it sends out contains the following details: Subject: {blank} Message body: (any of the following) * Attached some pics that i found * Check this out :-) * Hello, * I was going through my album, and look what I found.. * Long time! Check this out! * Osama Bin Laden Captured. * Remember this? * Saddam Hussein - Attempted Escape, Shot dead * Secret! * Testing (followed by any of the following strings) * +++ Attachment: No Virus found * +++ F-Secure AntiVirus - You are protected * +++ Norman AntiVirus - You are protected * +++ Norton AntiVirus - You are protected * +++ Panda AntiVirus - You are protected * +++ www.f-secure.com * +++ www.norman.com * +++ www.pandasoftware.com * +++ www.symantec.com Attachment: (any of the following names followed by a .ZIP extension) * bush.1 * funny.1 * joke.1 * pics.1 * secret.2 When an unsuspecting user executes the Trojan attachment, TROJ_SMALL.AHE downloads WORM_BOBAX.P, and the vicious worm-Trojan cycle continues. It also propagates by taking advantage of the Windows LSASS vulnerability. Furthermore, it is capable of modifying the system's HOSTS file in order to prevent users from accessing certain Web sites. TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 179 -- already uploaded Official Pattern Release 2.663.00 Damage Cleanup Template 612 For more information on WORM_BOBAX.P, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P You can modify subscription settings for Trend Micro newsletters at: http://www.trendmicro.com/subscriptions/default.asp ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 16:09:15 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:53 2006 Subject: FW: Your email requires verification verify#gJxMNtnqNg35xBxN7GuOK 236xoVud1bR Message-ID: steve@yurmail.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Fri Jun 03 09:52:44 2005 > Received: from [206.123.69.170] (helo=yurhost4.yurhost.com) > by yurhost5.yurhost.com with esmtp (Exim 4.50) > id 1DeDXP-0007FQ-Sg > for steve@yurmail.com; Fri, 03 Jun 2005 09:52:43 -0500 snip Can someone hit this guy with a clue-by-4? Or at least suspend his account on the MailScanner list until he whitelists the list server? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Fri Jun 3 16:17:06 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:29:53 2006 Subject: ClamV updates Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I put this in yum.conf: [crash-hat] name=Fedora Core $releasever - $basearch - CrashHat baseurl=http://crash.fce.vutbr.cz/crash-hat/$releasever enabled=1 gpgcheck=1 It working with no problems... Mauricio. >From: Ugo Bellavance >Reply-To: MailScanner mailing list >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: ClamV updates >Date: Wed, 25 May 2005 15:24:24 -0400 > >Billy A. Pumphrey wrote: >>Thank you for the replies. I am still a little lost on how I should/can >>do the updates. >> >>Looking at the clamv site (http://www.clamav.net/binary.html) I do not >>know which package to use for CentOS. > >There is no rpm compiled specifically for CentOS (RHEL). Maybe another >would, maybe not. I can't tell. > >> >>Also, do you know how that I can update using the Dag yum? > >2 choices: > >1- manually download & install http://dag.wieers.com/packages/clamav/ >2- Use dag's repository using apt, yum or up2date(beware of the >implications). http://dag.wieers.com/home-made/apt/FAQ.php#B. Be >careful, this may update other packages when you do system updates. > >> >>Billy Pumphrey >>IT Manager >>Wooden & McLaughlin >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fred at EZCOMPUTERS.CO.UK Fri Jun 3 15:06:23 2005 From: fred at EZCOMPUTERS.CO.UK (Steve Spiller) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > You have your yes and no the wrong way round. > For mail from localhost and from awkwardsupplier.com you want to > allow scripts (i.e. yes), but other mail you want to disallow scripts > (i.e. no). > > The symptom you might have noticed, which indicates you have done > something wrong, is that you were changing a setting of "no" to a > ruleset for which the default value is "yes". > > > On 3 Jun 2005, at 12:20, Steve Spiller wrote: > >> I'm new to MailScanner configuration, and want to check something >> before I make changes to our working email server after a bad >> experience with a slight change to our Firewall. >> MailScanner is currently configured to reject all emails which have >> an attachment with html scripting (which I understand to be a Good >> Thing). Except one of our suppliers insists that they send their RMA >> form unzipped, with loads of scripting. They say that their system >> does not allow them to compress/rename the form prior to sending. >> From reading the archives and manuals, I gather I need to do >> something like the following: >> >> 1. create a htmlscript.allow.rules (or other name) with the >> following contents: >> From: 127.0.0.1 no >> From: *@awkwardsupplier.com no >> FromOrTo: default yes >> >> 2. Change MailScanner.conf from: >> Allow Script Tags = no >> to: >> Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules >> >> Am I correct in believing this will allow virus scanning on their >> emails, but allow the RMA Form to be received? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > Thanks for pointing that out - that solved the problem. I didn't beleive that the answer could be so simple and so obvious! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 16:47:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Your MailScanner mailing list subscription Message-ID: Steve (steve@yurmail.com), I have suspended your MailScanner mailing list subscription until you tell your stupid email challenge-response system to accept mail from the mailing list server. You asked to be sent the mail. You should at least configure your system to accept mail that you asked for in the first place. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 16:49:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? Even BitDefender caught this one before McAfee. I haven't taken actual data, but it seems Clam is way above the others I use in detection. Lets hear it for open source!! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 16:54:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > I'm receiving a lot of them... Only clamav was detecting it on my server in > the begining... Now bitdefender is detecting it to. But mcafee does not... > Todays update for McAfee now gets it. I really hate McAfee's policy of one update a day, unless it is a higher risk. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 17:24:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Scott Silva wrote: > Roger Jochem wrote: >> I'm receiving a lot of them... Only clamav was detecting it on my >> server in the begining... Now bitdefender is detecting it to. But >> mcafee does not... >> > Todays update for McAfee now gets it. I really hate McAfee's policy of > one update a day, unless it is a higher risk. > What I hate isn't the dailys... It's the extra.dats... Don't seem to be as common any more (due to the shift to daily updates, but still... They should look'n'learn from clam;) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 17:07:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi Scott, > > can you send me the link you are using? > ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm or .deb or .run if you need the Debian file or the self installer > It just times out when I try > > Thanks > > Lance > > -----Original Message----- > From: Scott Silva > To: MAILSCANNER@JISCMAIL.AC.UK > Date: Thu, 2 Jun 2005 13:57:51 -0700 > Subject: Re: Trouble downloading Bitdefender? > > Lance Haig wrote: > >>Anyone else having trouble downloading from their site? >> >>Lance >> > > Not at all. Just downloaded again. Quite speedy actually. > -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 17:27:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: lots of new mytobs today.....CA recon we're up for a massive zombie break out (again) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steen, Glenn wrote: > Scott Silva wrote: > >>Roger Jochem wrote: >> >>>I'm receiving a lot of them... Only clamav was detecting it on my >>>server in the begining... Now bitdefender is detecting it to. But >>>mcafee does not... >>> >> >>Todays update for McAfee now gets it. I really hate McAfee's policy of >>one update a day, unless it is a higher risk. >> > > What I hate isn't the dailys... It's the extra.dats... Don't seem to be > as common any more (due to the shift to daily updates, but still... They > should look'n'learn from clam;) > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jhiggins at KENNESAW.EDU Fri Jun 3 19:31:39 2005 From: jhiggins at KENNESAW.EDU (Jonathan Higgins) Date: Thu Jan 12 21:29:53 2006 Subject: SA userprefs stored in SQL Message-ID: I looked through the customconfig, and found the section talking about white/black lists per domain.... which is not what im looking for. global storage of user preferences. thats what I need. Spamassassin provides it only in thier client server configuration. I want to continue to use spamassassin the way that MailScanner wants to. anyone else out there doing this?.. are you running spamd/spamc? and so on.. >I am using the CustomConfig to do that, I had it working great on an old >server until a little hitch with MailScanner maintaining mysql connections >on the new one... haven't had time to figure out the issue, but look at >CustomConfig.pm, I am using it to obtain if the domain should want mail >scanned, the score, actions, etc... > >------------------------- >Brian Taber >Manager/IT Specialist >Diverse Computer Group >Office: 508-758-4402 >Cell: 508-496-9221 > > This apparently has come up a few times in the past. I may be asking > this in the wrong place, so if I need to post this question on the > spamassassin list please let me know. > > I even found a piece of information on the Faq-O-matic... here is an > excerpt. > > "..... problem is that SpamAssassin, according to what I've read at the > following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, > will only use the DB for getting the user preferences if it's running in > client/server mode, i.e., as spamc and spamd. So this means that if I > want to let end users manage their own whitelists, I would have to get > SpamAssassin running the old slow way. Thoughts or suggestions? " > > After searching, I have not found a solution to this. I am already > using a mysql bayes for my lvs mail cluster system.. I need a way to > store SA user preferences globally.. and i would rather not go back to > using spamc/spamd. > > thanks. > > > > Jonathan Higgins > IT R&D Project Manager > Kennesaw State University ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jun 3 19:50:07 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:54 2006 Subject: ClamV updates Message-ID: I about have it figured out (your email gave it to me). I figured out how it works, sort of. I did this. I have clamav-0.84rc1 installed. I got yum to use the dap repository. I do a yum search clam and it returns results for clamav.i386 and others. Yum update clamav does not work. Yum update clamav.i386 did not work. I did yum install clamav.i386 and it appeared to install the latest version. Then I ran freshclam and it still says that I am updated. Any thoughts? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mauricio Cavalcanti > Sent: Friday, June 03, 2005 10:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamV updates > > I put this in yum.conf: > > [crash-hat] > name=Fedora Core $releasever - $basearch - CrashHat > baseurl=http://crash.fce.vutbr.cz/crash-hat/$releasever > enabled=1 > gpgcheck=1 > > It working with no problems... > > Mauricio. > > >From: Ugo Bellavance > >Reply-To: MailScanner mailing list > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: ClamV updates > >Date: Wed, 25 May 2005 15:24:24 -0400 > > > >Billy A. Pumphrey wrote: > >>Thank you for the replies. I am still a little lost on how I should/can > >>do the updates. > >> > >>Looking at the clamv site (http://www.clamav.net/binary.html) I do not > >>know which package to use for CentOS. > > > >There is no rpm compiled specifically for CentOS (RHEL). Maybe another > >would, maybe not. I can't tell. > > > >> > >>Also, do you know how that I can update using the Dag yum? > > > >2 choices: > > > >1- manually download & install http://dag.wieers.com/packages/clamav/ > >2- Use dag's repository using apt, yum or up2date(beware of the > >implications). http://dag.wieers.com/home-made/apt/FAQ.php#B. Be > >careful, this may update other packages when you do system updates. > > > >> > >>Billy Pumphrey > >>IT Manager > >>Wooden & McLaughlin > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jun 3 20:14:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:54 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > I about have it figured out (your email gave it to me). I figured out > how it works, sort of. I did this. > > I have clamav-0.84rc1 installed. > > I got yum to use the dap repository. I do a yum search clam and it > returns results for clamav.i386 and others. > > Yum update clamav does not work. Yum update clamav.i386 did not work. > > I did yum install clamav.i386 and it appeared to install the latest > version. Then I ran freshclam and it still says that I am updated. > > Any thoughts? Must be a problem with your yum config. 'yum install clamav' should work. You'll probably need clamav-db as well. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jun 3 21:32:06 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:54 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Scott, Thanks that link worked. Seems strange :-) Lance Scott Silva wrote: Lance Haig wrote: Hi Scott, can you send me the link you are using? ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm or .deb or .run if you need the Debian file or the self installer It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: Anyone else having trouble downloading from their site? Lance Not at all. Just downloaded again. Quite speedy actually. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 21:42:51 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: I got the bayes.lock file blues again. Read the MAQ, read the FAQ, read the book. I must be slow. Sendmail Suse 9.3 spamassassin 3.03 MailScanner 4.41.3 spam.assassin.prefs.conf bayes_auto_expire 0 MailScanner.conf Rebuild Bayes Every = 86400 Wait During Bayes Build = yes Lock Type = posix Root's crontab: 0 5 * * * /usr/bin/sa-learn --force-expire > /dev/null 2>&1 I don't stop MailScanner to run the force-expire. I don't get any bayes_expiry files anymore, but every day I get a couple bayes.lock* files. The timestamp is a couple minutes apart up to about 10 minutes apart and they all fall w/in a half hour up to about an hour and a half. I think around the same time of day that I last started MailScanner, which makes me suspect the rebuild process. In this case the times range from 9:04 up to 9:48 am. Should I set "Rebuild Bayes Every = 0" and the Wait back to no? I would have thought that telling it to wait would have solved the problem. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 21:54:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why are you rebuilding the Bayes db from MailScanner and from cron? You should do either 1 or the other. I would recommend (of course) doing it from MailScanner.conf, so just comment out your crontab entry. Kevin Miller wrote: >I got the bayes.lock file blues again. Read the MAQ, read the FAQ, read the >book. I must be slow. > >Sendmail >Suse 9.3 >spamassassin 3.03 >MailScanner 4.41.3 > >spam.assassin.prefs.conf > bayes_auto_expire 0 > >MailScanner.conf > Rebuild Bayes Every = 86400 > Wait During Bayes Build = yes > Lock Type = posix > >Root's crontab: > 0 5 * * * /usr/bin/sa-learn --force-expire > /dev/null 2>&1 > >I don't stop MailScanner to run the force-expire. > >I don't get any bayes_expiry files anymore, but every day I get a couple >bayes.lock* files. The timestamp is a couple minutes apart up to about 10 >minutes apart and they all fall w/in a half hour up to about an hour and a >half. I think around the same time of day that I last started MailScanner, >which makes me suspect the rebuild process. In this case the times range >from 9:04 up to 9:48 am. > >Should I set "Rebuild Bayes Every = 0" and the Wait back to no? I would >have thought that telling it to wait would have solved the problem. > >Thanks... > >...Kevin > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 22:24:41 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: Julian Field wrote: > Why are you rebuilding the Bayes db from MailScanner and from cron? > You should do either 1 or the other. I would recommend (of course) > doing it from MailScanner.conf, so just comment out your crontab > entry. Well, I was having the lock file troubles so I added the cron job yesterday to see if it would make any difference and forgot to turn it off in MailScanner. Senior moment I guess. I'll kill it and see how things go over the weekend. Should I leave the wait on? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 23:30:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:54 2006 Subject: Your MailScanner mailing list subscription Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Steve (steve@yurmail.com), > > I have suspended your MailScanner mailing list subscription until you > tell your stupid email challenge-response system to accept mail from > the mailing list server. > > You asked to be sent the mail. You should at least configure your > system to accept mail that you asked for in the first place. > I second that emotion! Seems a little over the top to ask for help, and then fight the answer. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 23:40:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > >>Why are you rebuilding the Bayes db from MailScanner and from cron? >>You should do either 1 or the other. I would recommend (of course) >>doing it from MailScanner.conf, so just comment out your crontab >>entry. >> >> > >Well, I was having the lock file troubles so I added the cron job yesterday >to see if it would make any difference and forgot to turn it off in >MailScanner. Senior moment I guess. I'll kill it and see how things go >over the weekend. > >Should I leave the wait on? > > The wait only applies to MailScanner's rebuilds, it has no effect on your cron job's operation. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Sat Jun 4 00:30:26 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: Julian Field wrote: > Kevin Miller wrote: > >> Julian Field wrote: >> >> >>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>> You should do either 1 or the other. I would recommend (of course) >>> doing it from MailScanner.conf, so just comment out your crontab >>> entry. >>> >>> >> >> Well, I was having the lock file troubles so I added the cron job >> yesterday to see if it would make any difference and forgot to turn >> it off in MailScanner. Senior moment I guess. I'll kill it and see >> how things go over the weekend. >> >> Should I leave the wait on? >> >> > The wait only applies to MailScanner's rebuilds, it has no effect on > your cron job's operation. Yeah, I understand that. If I kill the cron job, and leave the rebuild at 86400, should the wait be enabled? Default is no, but in this case what does wisdom dictate? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sat Jun 4 03:04:59 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know that there has to be a howto somewhere, but after several hours I can not find it. I am running mailscanner with postfix and want to do my filtering through procmail. When I change my mailbox_command = /usr/bin/procmail it just bypasses mailscanner and I get no checks. The best information i can come up with is that there are actually 2 postfix/main.cf files (postfix and postfix.in). The problem is that I do not have these files (postfix.in). Do I need to copy them from somewhere. If somebody could point me to a tutorial that would be great thanks Mike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jun 4 05:15:21 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: Johnny Hughes just released this guide a few days ago. I found it to be informative for me, a sendmail guy: http://www.hughesjr.com/content/view/42/2/Site_News Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of michael irons Sent: Friday, June 03, 2005 9:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: postfix+mailscanner+procmail I know that there has to be a howto somewhere, but after several hours I can not find it. I am running mailscanner with postfix and want to do my filtering through procmail. When I change my mailbox_command = /usr/bin/procmail it just bypasses mailscanner and I get no checks. The best information i can come up with is that there are actually 2 postfix/main.cf files (postfix and postfix.in). The problem is that I do not have these files (postfix.in). Do I need to copy them from somewhere. If somebody could point me to a tutorial that would be great thanks Mike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sat Jun 4 05:40:52 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yeah I saw that site in my searches. I have Mailscanner up and running along with postfix. Itworks when I send mail to /var/spool... and directly to my Maildir. But I wasnt to use procmail to filter out spam to a users spam folder. My understanding from all of the sites I have read mailscanner works like this incoming postfix server -> mailscanner -> outgoing postfix -> final destination (Maildir, spool, or mda). but if I use mailbox_command = /usr/bin/procmail in postfix/main.cf it goes striaght to procmail, bypassing mailscanner. Do I need to configure the second postfix server and how do I do that, or am I completely confused. thanks Mike --- Mike Kercher wrote: > Johnny Hughes just released this guide a few days > ago. I found it to be > informative for me, a sendmail guy: > > http://www.hughesjr.com/content/view/42/2/Site_News > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of michael irons > Sent: Friday, June 03, 2005 9:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: postfix+mailscanner+procmail > > I know that there has to be a howto somewhere, but > after several hours I can > not find it. I am running mailscanner with postfix > and want to do my > filtering through procmail. When I change my > mailbox_command = > /usr/bin/procmail it just bypasses mailscanner and I > get no checks. The best > information i can come up with is that there are > actually 2 postfix/main.cf > files (postfix and postfix.in). The problem is that > I do not have these > files (postfix.in). Do I need to copy them from > somewhere. If somebody could > point me to a tutorial that would be great > > thanks > Mike > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 08:02:08 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Hello, after upgrade on 4-43.1 version sophossavi not scan for viruses. After start i see: SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files but mails from testvirus.org are not scannet. When in MailScanner.conf i switch to sophos - scan is o.k. Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From bg.mahesh at INDIAINFO.COM Sat Jun 4 08:39:00 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I see the following type of messages in /var/log/maillog tag found in message j4UA2wNj002975 I found out about this when a friend's email was never reaching me. In that email his signature has a URL. What should I do to receive this email or atleast for MailScanner to bounce back the email to the sender warning him about the error -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 09:45:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Uh, Lance.... that's the exact link you get by following their link on the download page.... I guess that's one more to chalk up on the "temporary problem" account:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Lance Haig Sent: fr 2005-06-03 22:32 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Trouble downloading Bitdefender? Hi Scott, Thanks that link worked. Seems strange :-) Lance Scott Silva wrote: >Lance Haig wrote: > > >> Hi Scott, >> >>can you send me the link you are using? >> >> >> > >ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm >or .deb or .run if you need the Debian file or the self installer > > >>It just times out when I try >> >>Thanks >> >>Lance >> >>-----Original Message----- >>From: Scott Silva >>To: MAILSCANNER@JISCMAIL.AC.UK >>Date: Thu, 2 Jun 2005 13:57:51 -0700 >>Subject: Re: Trouble downloading Bitdefender? >> >>Lance Haig wrote: >> >> >> >>>Anyone else having trouble downloading from their site? >>> >>>Lance >>> >>> >>> >>Not at all. Just downloaded again. Quite speedy actually. >> >> >> > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 09:50:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: Your MailScanner mailing list subscription Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I bet we're all silently cheering Jules for this action... Or (as in your and my case Scott) not-so-silently:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Scott Silva Sent: lö 2005-06-04 00:30 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Your MailScanner mailing list subscription Julian Field wrote: > Steve (steve@yurmail.com), > > I have suspended your MailScanner mailing list subscription until you > tell your stupid email challenge-response system to accept mail from > the mailing list server. > > You asked to be sent the mail. You should at least configure your > system to accept mail that you asked for in the first place. > I second that emotion! Seems a little over the top to ask for help, and then fight the answer. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 10:31:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sounds like the deprecated "2 postfix setup via deferral". You should be using "1 postfix with the HOLD feature" (Joshua will disagree:-). Look at the wiki, there's quite a lot about PF there: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation AFAICS, you must be doing something slightly strange, since the mailbox_command is used by the local delivery agent.... which should be way after MS is finished. Tell us a bit more about the specific setup, and I'm sure will be able to give some pointers. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of michael irons Sent: lö 2005-06-04 06:40 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: postfix+mailscanner+procmail yeah I saw that site in my searches. I have Mailscanner up and running along with postfix. Itworks when I send mail to /var/spool... and directly to my Maildir. But I wasnt to use procmail to filter out spam to a users spam folder. My understanding from all of the sites I have read mailscanner works like this incoming postfix server -> mailscanner -> outgoing postfix -> final destination (Maildir, spool, or mda). but if I use mailbox_command = /usr/bin/procmail in postfix/main.cf it goes striaght to procmail, bypassing mailscanner. Do I need to configure the second postfix server and how do I do that, or am I completely confused. thanks Mike --- Mike Kercher wrote: > Johnny Hughes just released this guide a few days > ago. I found it to be > informative for me, a sendmail guy: > > http://www.hughesjr.com/content/view/42/2/Site_News > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of michael irons > Sent: Friday, June 03, 2005 9:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: postfix+mailscanner+procmail > > I know that there has to be a howto somewhere, but > after several hours I can > not find it. I am running mailscanner with postfix > and want to do my > filtering through procmail. When I change my > mailbox_command = > /usr/bin/procmail it just bypasses mailscanner and I > get no checks. The best > information i can come up with is that there are > actually 2 postfix/main.cf > files (postfix and postfix.in). The problem is that > I do not have these > files (postfix.in). Do I need to copy them from > somewhere. If somebody could > point me to a tutorial that would be great > > thanks > Mike > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 12:48:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > >>Kevin Miller wrote: >> >> >> >>>Julian Field wrote: >>> >>> >>> >>> >>>>Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>You should do either 1 or the other. I would recommend (of course) >>>>doing it from MailScanner.conf, so just comment out your crontab >>>>entry. >>>> >>>> >>>> >>>> >>>Well, I was having the lock file troubles so I added the cron job >>>yesterday to see if it would make any difference and forgot to turn >>>it off in MailScanner. Senior moment I guess. I'll kill it and see >>>how things go over the weekend. >>> >>>Should I leave the wait on? >>> >>> >>> >>> >>The wait only applies to MailScanner's rebuilds, it has no effect on >>your cron job's operation. >> >> > >Yeah, I understand that. If I kill the cron job, and leave the rebuild at >86400, should the wait be enabled? Default is no, but in this case what >does wisdom dictate? > > It depends a bit on the mail traffic through your site. If the rebuild takes a long time, then you probably want to continue delivering while it goes on (wait=no). If it only takes a minute or two, and your server can catch up fairly quickly, you probably want to wait for it to complete (wait=yes). I would go for wait=yes and change it if it causes a problem. Otherwise spam will get through during the rebuild. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:11:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can someone check this please? I can't get the SAVI module to install on my RHEL systems. Peter, please can you do a "MailScanner -v" and post the output. Peter Zimen wrote: > * PGP Bad Signature, Signed by a unverified key > Hello, > after upgrade on 4-43.1 version sophossavi not scan for viruses. > After start i see: > > SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses > Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files > > but mails from testvirus.org are not scannet. When in > MailScanner.conf i switch to sophos - scan is o.k. > > > > Peter > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > * Thawte Freemail Member > * Issuer: Thawte Consulting (Pty) Ltd. - Unverified > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Jun 4 13:26:33 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Running 4.43.2 on Solaris 9 with sophossavi (perl module for savi = 0.25). Sophos is detecting viruses, but not near as much as ClamAV. But I goofed in my adjustment of sophos-autoupdate yesterday, so I wasn't getting Sophos updates for a few hours. Jeff Earickson Colby College On Sat, 4 Jun 2005, Julian Field wrote: > Date: Sat, 4 Jun 2005 13:11:09 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sophossavi > > Can someone check this please? I can't get the SAVI module to install on my > RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > >> * PGP Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. After >> start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files >> >> but mails from testvirus.org are not scannet. When in MailScanner.conf i >> switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:32:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just tested this on SuSE 9.3 and it works fine. Try doing a test with eicar (www.eicar.org) and see if that gets detected. Also what does the maillog say about a scan where is misses a virus? Julian Field wrote: > Can someone check this please? I can't get the SAVI module to install > on my RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > >> > Old Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. >> After start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files >> >> but mails from testvirus.org are not scannet. When in >> MailScanner.conf i switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:35:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is it just showing that it found a link in the message, which it will have to check for phishing attacks. It doesn't mean it will actually alter the message, just that it needs to look at it further. Check out the "notify senders" options. But do *NOT* switch on Notify Senders of Viruses as that will just spam people who didn't send you viruses, as all modern viruses fake the senders address, so that you cannot trace who really sent the message. BG Mahesh wrote: >hi > >I see the following type of messages in /var/log/maillog > > tag found in message j4UA2wNj002975 > >I found out about this when a friend's email was never reaching me. In that email his signature has a URL. What should I do to receive this email or atleast for MailScanner to bounce back the email to the sender warning him about the error > >-- >B.G. Mahesh >bg.mahesh@indiainfo.com >http://www.indiainfo.com/ > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 13:59:52 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.43.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.49 Net::DNS missing Net::LDAP missing Parse::RecDescent 0.30 SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI --- S pozdravom Peter Zimen On 4.6.2005, at 14:11, Julian Field wrote: > Can someone check this please? I can't get the SAVI module to > install on my RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > > >> * PGP Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. >> After start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >> files >> >> but mails from testvirus.org are not scannet. When in >> MailScanner.conf i switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From mailscanner at MCKERRS.NET Sat Jun 4 14:10:55 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Kevin Miller wrote: > >> Julian Field wrote: >> >> >>> Kevin Miller wrote: >>> >>> >>> >>>> Julian Field wrote: >>>> >>>> >>>> >>>> >>>>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>> You should do either 1 or the other. I would recommend (of course) >>>>> doing it from MailScanner.conf, so just comment out your crontab >>>>> entry. >>>>> >>>>> >>>> >>>> Well, I was having the lock file troubles so I added the cron job >>>> yesterday to see if it would make any difference and forgot to turn >>>> it off in MailScanner. Senior moment I guess. I'll kill it and see >>>> how things go over the weekend. >>>> Should I leave the wait on? >>>> >>>> >>>> >>> >>> The wait only applies to MailScanner's rebuilds, it has no effect on >>> your cron job's operation. >>> >> >> >> Yeah, I understand that. If I kill the cron job, and leave the >> rebuild at >> 86400, should the wait be enabled? Default is no, but in this case what >> does wisdom dictate? >> >> > It depends a bit on the mail traffic through your site. If the rebuild > takes a long time, then you probably want to continue delivering while > it goes on (wait=no). If it only takes a minute or two, and your > server can catch up fairly quickly, you probably want to wait for it > to complete (wait=yes). > > I would go for wait=yes and change it if it causes a problem. > Otherwise spam will get through during the rebuild. > Hi Julian, on a related note, is the 'minute or two' rebuild process a CPU bound task ? I have a dual PII-450 machine and it takes 3 minutes plus to rebuild the database (I'd assume this is a single threaded task ?). Will this improve if I move my mail server to a P4 1.6ghz for example ? are you aware of any benchmarks for this spamassassin rebuild ? Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 14:35:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mailscanner wrote: > Julian Field wrote: > >> Kevin Miller wrote: >> >>> Julian Field wrote: >>> >>> >>>> Kevin Miller wrote: >>>> >>>> >>>> >>>>> Julian Field wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>>> You should do either 1 or the other. I would recommend (of course) >>>>>> doing it from MailScanner.conf, so just comment out your crontab >>>>>> entry. >>>>>> >>>>>> >>>>> >>>>> >>>>> Well, I was having the lock file troubles so I added the cron job >>>>> yesterday to see if it would make any difference and forgot to turn >>>>> it off in MailScanner. Senior moment I guess. I'll kill it and see >>>>> how things go over the weekend. >>>>> Should I leave the wait on? >>>>> >>>>> >>>>> >>>> >>>> >>>> The wait only applies to MailScanner's rebuilds, it has no effect on >>>> your cron job's operation. >>>> >>> >>> >>> >>> Yeah, I understand that. If I kill the cron job, and leave the >>> rebuild at >>> 86400, should the wait be enabled? Default is no, but in this case >>> what >>> does wisdom dictate? >>> >>> >> It depends a bit on the mail traffic through your site. If the >> rebuild takes a long time, then you probably want to continue >> delivering while it goes on (wait=no). If it only takes a minute or >> two, and your server can catch up fairly quickly, you probably want >> to wait for it to complete (wait=yes). >> >> I would go for wait=yes and change it if it causes a problem. >> Otherwise spam will get through during the rebuild. >> > Hi Julian, > > on a related note, is the 'minute or two' rebuild process a CPU bound > task ? I have a dual PII-450 machine and it takes 3 minutes plus to > rebuild the database (I'd assume this is a single threaded task ?). > Will this improve if I move my mail server to a P4 1.6ghz for example > ? are you aware of any benchmarks for this spamassassin rebuild ? Yes, I think it is quite heavy on CPU. Haven't seen any benchmarks of this at all, sorry. A 1.6Ghz box should definitely do it a lot faster than a P2/450 box. The second CPU won't help you though, it's a single-threaded program. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqGuJhH2WUcUFbZUEQKncwCgmddlHksn+rTgnx86fGev7eElmMMAn1nX AwSpmwAYVORYzciXkYCKcVOc =EmOY -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Sat Jun 4 14:49:57 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Mailscanner wrote: > > > >>Julian Field wrote: >> >> >> >>>Kevin Miller wrote: >>> >>> >>> >>>>Julian Field wrote: >>>> >>>> >>>> >>>> >>>>>Kevin Miller wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>>>>You should do either 1 or the other. I would recommend (of course) >>>>>>>doing it from MailScanner.conf, so just comment out your crontab >>>>>>>entry. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>Well, I was having the lock file troubles so I added the cron job >>>>>>yesterday to see if it would make any difference and forgot to turn >>>>>>it off in MailScanner. Senior moment I guess. I'll kill it and see >>>>>>how things go over the weekend. >>>>>>Should I leave the wait on? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>The wait only applies to MailScanner's rebuilds, it has no effect on >>>>>your cron job's operation. >>>>> >>>>> >>>>> >>>> >>>>Yeah, I understand that. If I kill the cron job, and leave the >>>>rebuild at >>>>86400, should the wait be enabled? Default is no, but in this case >>>>what >>>>does wisdom dictate? >>>> >>>> >>>> >>>> >>>It depends a bit on the mail traffic through your site. If the >>>rebuild takes a long time, then you probably want to continue >>>delivering while it goes on (wait=no). If it only takes a minute or >>>two, and your server can catch up fairly quickly, you probably want >>>to wait for it to complete (wait=yes). >>> >>>I would go for wait=yes and change it if it causes a problem. >>>Otherwise spam will get through during the rebuild. >>> >>> >>> >>Hi Julian, >> >>on a related note, is the 'minute or two' rebuild process a CPU bound >>task ? I have a dual PII-450 machine and it takes 3 minutes plus to >>rebuild the database (I'd assume this is a single threaded task ?). >>Will this improve if I move my mail server to a P4 1.6ghz for example >>? are you aware of any benchmarks for this spamassassin rebuild ? >> >> > >Yes, I think it is quite heavy on CPU. Haven't seen any benchmarks of >this at all, sorry. A 1.6Ghz box should definitely do it a lot faster >than a P2/450 box. The second CPU won't help you though, it's a >single-threaded program. > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQqGuJhH2WUcUFbZUEQKncwCgmddlHksn+rTgnx86fGev7eElmMMAn1nX >AwSpmwAYVORYzciXkYCKcVOc >=EmOY >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Thanks Julian, this thread has been very useful for me as I was previously running my own cron job to rebuild the database. Much neater to have MS do it for me and much easier for my migration as I wont have to remember that particular cron entry. Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 14:56:30 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: SA userprefs stored in SQL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jonathan Higgins wrote: >I looked through the customconfig, and found the section talking about >white/black lists per domain.... which is not what im looking for. > >global storage of user preferences. thats what I need. Spamassassin >provides it only in thier client server configuration. I want to continue >to use spamassassin the way that MailScanner wants to. > >anyone else out there doing this?.. are you running spamd/spamc? and so on.. > > > > Unfortunately its not possible to use userwise prefs in Mysql for SA (I realised this recently) if you are using MailScanner. SA needs to switch user its is running as to load the prefs of the user from SQL, but incase of MailScanner SA is always invoked as the user which is running the MailScanner processes, also since MailScanner processes mails in batches and compiles (i.e. loads rulesets and other params) SA modules once per batch its not possible to switch user and invoke SA from within MailScanner. One time compilation of SA (per batch) in MailScanner makes anti-spam checks more efficient. Things would become worse if MailScanner had to compile SA per message. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 15:15:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: SA userprefs stored in SQL Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rakesh wrote: > Jonathan Higgins wrote: > >> I looked through the customconfig, and found the section talking about >> white/black lists per domain.... which is not what im looking for. >> >> global storage of user preferences. thats what I need. Spamassassin >> provides it only in thier client server configuration. I want to >> continue >> to use spamassassin the way that MailScanner wants to. >> >> anyone else out there doing this?.. are you running spamd/spamc? and >> so on.. >> >> >> >> > Unfortunately its not possible to use userwise prefs in Mysql for SA > (I realised this recently) if you are using MailScanner. SA needs to > switch user its is running as to load the prefs of the user from SQL, > but incase of MailScanner SA is always invoked as the user which is > running the MailScanner processes, also since MailScanner processes > mails in batches and compiles (i.e. loads rulesets and other params) > SA modules once per batch its not possible to switch user and invoke > SA from within MailScanner. One time compilation of SA (per batch) in > MailScanner makes anti-spam checks more efficient. Things would become > worse if MailScanner had to compile SA per message. It doesn't even load rulesets and SA modules once per batch (though it has to do that for MCP). It loads the rulesets and SA modules once every restart (by default every 4 hours, see "Restart Every") so that it is as fast as I can make it. If you have to compile SA for every message, things get really slow. The same sort of lack of speed that most of my competitors have. :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqG3lBH2WUcUFbZUEQJyqgCgwiZtcHs19FWs7uakK0i362VDXtYAn1tJ ugBPVuZUcYvkjcgVzfZOQvLG =xCpI -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:18:09 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>># As a rough guide, try 5 children per CPU. But read the notes above. >>>Max Children = 5 >>> >>>I guess I have to change it to 10 and see how things work as we >>>have a dual processor >>> >>> >>You can try it out, it might help or not though, depending on many >>factors. As other said, the message delay is the only factor that's >>always a good indication. >> >>Is this a dedicated MailScanner machine? >> >> >> > >Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail > > > I have recently faced a similar problem especially during the sober and mytob outbreak, Servers were slow in processing the mails, I receive about 2 lac of mails per day on individual servers and the mail hit rate on the servers were high than the processing rate and usually at a given point of time there used to be 1 K of mails waiting in the queue to be processed by MailScanner. Here is what I did to optimise my setup and thought this might help you. Reduced the number of Max Children to 5 from 10 (Although I have dual Xeon and 2 gigs of RAM) Kept a decent batch size not too high and not too low : 20 from vmstat and iostat outputs I found tht IO was a prob for me so I mounted /tmp (area where SA and clamav decomposes mail ) on tmpfs. Many would say tht its a bad idea to put /tmp on tmpfs as chances are there tht it might grow up and hog up all the memory so I put a size cap on it using -size option in mount and did some tests on dummy machines to ensure tht its not spilling over the specified limit and since this server is just an Anti-Spam/Anti-Virus gateway it was easy for me to ensure tht no other apps create their dummy files in /tmp. This has reduced the disk IO on the system and increased the processing to some extent. Now its usually 50 mails at a given time waiting in the queue to be processed by MS, while the mail hit rate remains the same. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:30:38 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rabie van der Merwe wrote: >Hi Ed, > >I also had issues with releasing mail, here is what I did and posted to the >group: > >Regards >Rabie > >PS This should release anything. > >----snip---- >Thanx too all, it works, herewith all the changes that where required for >MailScanner 4.39. Also to make this more foolproof, one could add a 'AND >From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the >email address is of the sender of the quarantine proccess and should do this >if you have users on the local box who send mail. >Changes to MailScanner.conf: >Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning = >%rules-dir%/dangerous.content.scan.rules >Filename Rules = %rules-dir%/filename.rules Filetype Rules = >%rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules > >Files: >virus.scan.rules: >From: 127.0.0.1 no >FromOrTo: default yes > >dangerous.content.scan.rules: >From: 127.0.0.1 no >FromOrTo: default yes > >spam.check.rules >From: 127.0.0.1 no >FromOrTo: default yes > >filename.rules >From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf >FromOrTo: default /etc/MailScanner/filename.rules.conf > >filetype.rules: >From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf >FromOrTo: default /etc/MailScanner/filetype.rules.conf > >filename.rules.allowall.conf: >allow .* - - > >filetype.rules.allowall.conf: >allow .* - - > >Regards >Rabie >----snip---- > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Ed Bruce >Sent: 26 May 2005 17:52 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Release a quarantined file (postfix) > >I tried this and the email was just quarantined again for the same reason. >So this doesn't release the email from quarantine. I'll try the save message >as a Queue Files option and see if the other option works to bypass >MailScanner. > >Martin Hepworth wrote: > > > >>Kenneth >> >>Assuming Postfix still pretends to be sendmail try >> >>sendmail -ti < message >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Kenneth Kalmer wrote: >> >> >> Reprocessing of the mail happens if you release it from quarantine because the mail goes back to hold as it gets processed by cleanup (assuming tht ur using postfix) . In postfix it usually follows a path something like this Internet -> SMTPD -> cleanup --> HOLD Queue When a mail is released from quarantine using the sendmail command it follows like this Sendmail command invokation --> pickup --> cleanup --> HOLD Queue So instead of writing so many rulesets to allow all the mails from the the local machine its easier if u put override options for pickup in your master.cf pickup fifo n - n 60 1 pickup -o receive_override_options=no_header_body_checks This will cause all those mails queued due to pickup not to go on hold, so the mails wont un-necessarily go in for MailScanner processing. Also with this setup the notifications tht MailScanner generates will not go into HOLD queue as well and will save MailScanner from doing some un-necessary stuff. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Jun 4 15:54:41 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rakesh > Sent: Saturday, June 04, 2005 10:31 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Release a quarantined file (postfix) > > Rabie van der Merwe wrote: > > >Hi Ed, > > > >I also had issues with releasing mail, here is what I did and posted to > the > >group: > > > >Regards > >Rabie > > > >PS This should release anything. > > > >----snip---- > >Thanx too all, it works, herewith all the changes that where required for > >MailScanner 4.39. Also to make this more foolproof, one could add a 'AND > >From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the > >email address is of the sender of the quarantine proccess and should do > this > >if you have users on the local box who send mail. > >Changes to MailScanner.conf: > >Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning > = > >%rules-dir%/dangerous.content.scan.rules > >Filename Rules = %rules-dir%/filename.rules Filetype Rules = > >%rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules > > > >Files: > >virus.scan.rules: > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >dangerous.content.scan.rules: > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >spam.check.rules > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >filename.rules > >From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf > >FromOrTo: default /etc/MailScanner/filename.rules.conf > > > >filetype.rules: > >From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf > >FromOrTo: default /etc/MailScanner/filetype.rules.conf > > > >filename.rules.allowall.conf: > >allow .* - - > > > >filetype.rules.allowall.conf: > >allow .* - - > > > >Regards > >Rabie > >----snip---- > > > > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > >Of Ed Bruce > >Sent: 26 May 2005 17:52 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Release a quarantined file (postfix) > > > >I tried this and the email was just quarantined again for the same > reason. > >So this doesn't release the email from quarantine. I'll try the save > message > >as a Queue Files option and see if the other option works to bypass > >MailScanner. > > > >Martin Hepworth wrote: > > > > > > > >>Kenneth > >> > >>Assuming Postfix still pretends to be sendmail try > >> > >>sendmail -ti < message > >> > >>-- > >>Martin Hepworth > >>Snr Systems Administrator > >>Solid State Logic > >>Tel: +44 (0)1865 842300 > >> > >> > >>Kenneth Kalmer wrote: > >> > >> > >> > Reprocessing of the mail happens if you release it from quarantine > because the mail goes back to hold as it gets processed by cleanup > (assuming tht ur using postfix) . In postfix it usually follows a path > something like this > > Internet -> SMTPD -> cleanup --> HOLD Queue > > When a mail is released from quarantine using the sendmail command it > follows like this > > Sendmail command invokation --> pickup --> cleanup --> HOLD Queue > > So instead of writing so many rulesets to allow all the mails from the > the local machine its easier if u put override options for pickup in > your master.cf > > pickup fifo n - n 60 1 pickup > -o receive_override_options=no_header_body_checks > > This will cause all those mails queued due to pickup not to go on hold, > so the mails wont un-necessarily go in for MailScanner processing. Also > with this setup the notifications tht MailScanner generates will not go > into HOLD queue as well and will save MailScanner from doing some > un-necessary stuff. > > -- > Regards, > Rakesh B. Pal > Netcore Solutions Pvt. Ltd. > I think dropping quarantined messages directly in the outbound queue will really release everything - even viruses. While it's more cumbersome, the advantage of setting up rulesets to allow skipping of certain checks for 127.0.0.1 is that you can always force virus checks :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:59:58 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>Reprocessing of the mail happens if you release it from quarantine >>because the mail goes back to hold as it gets processed by cleanup >>(assuming tht ur using postfix) . In postfix it usually follows a path >>something like this >> >>Internet -> SMTPD -> cleanup --> HOLD Queue >> >>When a mail is released from quarantine using the sendmail command it >>follows like this >> >>Sendmail command invokation --> pickup --> cleanup --> HOLD Queue >> >>So instead of writing so many rulesets to allow all the mails from the >>the local machine its easier if u put override options for pickup in >>your master.cf >> >>pickup fifo n - n 60 1 pickup >> -o receive_override_options=no_header_body_checks >> >>This will cause all those mails queued due to pickup not to go on hold, >>so the mails wont un-necessarily go in for MailScanner processing. Also >>with this setup the notifications tht MailScanner generates will not go >>into HOLD queue as well and will save MailScanner from doing some >>un-necessary stuff. >> >> >> >I think dropping quarantined messages directly in the outbound queue will >really release everything - even viruses. > >While it's more cumbersome, the advantage of setting up rulesets to allow >skipping of certain checks for 127.0.0.1 is that you can always force virus >checks :) > >Steve > > > Right Agreed on that, but our dear friend Julian has kept an option in MailScanner.conf "Keep Spam And MCP Archive Clean" turning it on will ensure that we don't quarantine Virus Mails in the first process itself :-) -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Jun 4 16:14:12 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rakesh > Sent: Saturday, June 04, 2005 11:00 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Release a quarantined file (postfix) > > Stephen Swaney wrote: > > >>Reprocessing of the mail happens if you release it from quarantine > >>because the mail goes back to hold as it gets processed by cleanup > >>(assuming tht ur using postfix) . In postfix it usually follows a path > >>something like this > >> > >>Internet -> SMTPD -> cleanup --> HOLD Queue > >> > >>When a mail is released from quarantine using the sendmail command it > >>follows like this > >> > >>Sendmail command invokation --> pickup --> cleanup --> HOLD Queue > >> > >>So instead of writing so many rulesets to allow all the mails from the > >>the local machine its easier if u put override options for pickup in > >>your master.cf > >> > >>pickup fifo n - n 60 1 pickup > >> -o receive_override_options=no_header_body_checks > >> > >>This will cause all those mails queued due to pickup not to go on hold, > >>so the mails wont un-necessarily go in for MailScanner processing. Also > >>with this setup the notifications tht MailScanner generates will not go > >>into HOLD queue as well and will save MailScanner from doing some > >>un-necessary stuff. > >> > >> > >> > >I think dropping quarantined messages directly in the outbound queue will > >really release everything - even viruses. > > > >While it's more cumbersome, the advantage of setting up rulesets to allow > >skipping of certain checks for 127.0.0.1 is that you can always force > virus > >checks :) > > > >Steve > > > > > > > Right Agreed on that, but our dear friend Julian has kept an option in > MailScanner.conf > > "Keep Spam And MCP Archive Clean" > > turning it on will ensure that we don't quarantine Virus Mails in the > first process itself :-) > > -- > Regards, > Rakesh B. Pal > Netcore Solutions Pvt. Ltd. Absolutely correct but "Keep Spam And MCP Archive Clean": # . . . is set to no by default as it causes a small hit in performance, and # many people don't allow users to access the spam quarantine, so don't # need it. Make sure you set this to yes if you or users are dropping mail directly in the outbound queue :) Steve Steve Swaney President Fort Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:17:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just tested this on a CentOS (RHEL clone) system, and it works fine. Something is definitely wrong with your setup. That helps me, though it doesn't help you :-( Incidentally, from your output below, you need to install my combined ClamAV and SA package, as you are missing some of the optional modules for SpamAssassin. Peter Zimen wrote: > * PGP Bad Signature, Signed by a unverified key > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.43.2 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > 0.30 SAVI > missing Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > missing URI > > > --- > > S pozdravom > > Peter Zimen > > On 4.6.2005, at 14:11, Julian Field wrote: > >> Can someone check this please? I can't get the SAVI module to >> install on my RHEL systems. >> >> Peter, please can you do a "MailScanner -v" and post the output. >> >> Peter Zimen wrote: >> >> >>> > Old Bad Signature, Signed by a unverified key >>> Hello, >>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>> After start i see: >>> >>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>> files >>> >>> but mails from testvirus.org are not scannet. When in >>> MailScanner.conf i switch to sophos - scan is o.k. >>> >>> >>> >>> Peter >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> * Thawte Freemail Member >>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > * Thawte Freemail Member > * Issuer: Thawte Consulting (Pty) Ltd. - Unverified > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHGDxH2WUcUFbZUEQITjACdGtE/Ul1Ikx+ZQKFPW9WJCxUtH0kAoLVB hDiu3Bi9n/W1tsZkKYa6r+AQ =urhR -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:18:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rakesh wrote: > Stephen Swaney wrote: > >>> Reprocessing of the mail happens if you release it from quarantine >>> because the mail goes back to hold as it gets processed by cleanup >>> (assuming tht ur using postfix) . In postfix it usually follows a path >>> something like this >>> >>> Internet -> SMTPD -> cleanup --> HOLD Queue >>> >>> When a mail is released from quarantine using the sendmail command it >>> follows like this >>> >>> Sendmail command invokation --> pickup --> cleanup --> HOLD Queue >>> >>> So instead of writing so many rulesets to allow all the mails from the >>> the local machine its easier if u put override options for pickup in >>> your master.cf >>> >>> pickup fifo n - n 60 1 pickup >>> -o receive_override_options=no_header_body_checks >>> >>> This will cause all those mails queued due to pickup not to go on hold, >>> so the mails wont un-necessarily go in for MailScanner processing. Also >>> with this setup the notifications tht MailScanner generates will not go >>> into HOLD queue as well and will save MailScanner from doing some >>> un-necessary stuff. >>> >>> >> >> I think dropping quarantined messages directly in the outbound queue >> will >> really release everything - even viruses. >> >> While it's more cumbersome, the advantage of setting up rulesets to >> allow >> skipping of certain checks for 127.0.0.1 is that you can always force >> virus >> checks :) >> >> Steve >> >> >> > Right Agreed on that, but our dear friend Julian has kept an option in > MailScanner.conf > > "Keep Spam And MCP Archive Clean" > > turning it on will ensure that we don't quarantine Virus Mails in the > first process itself :-) > You cannot guarantee that this option will be switched on. It does have an overhead (all spam has to be virus-scanned, which will double your virus scanning load). - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHGTBH2WUcUFbZUEQLl7gCeJwAhjtWdRWEzpIYNom1GEH8T10IAnitb FVQJyKJsvGP2AH80AnL9ipTF =ebDb -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:46:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you tell me what your maillog says around the missed virus? Also, try running an infected batch through MailScanner with it in Debug mode, and tell me if it says anything unlikely. (Ignore EOCD signature fails, they are just zip file scans that didn't find a zip file). Julian Field wrote: > * PGP Signed: 06/04/05 at 16:17:35 > > I have just tested this on a CentOS (RHEL clone) system, and it works > fine. Something is definitely wrong with your setup. That helps me, > though it doesn't help you :-( > > Incidentally, from your output below, you need to install my combined > ClamAV and SA package, as you are missing some of the optional modules > for SpamAssassin. > > Peter Zimen wrote: > >> > Old Bad Signature, Signed by a unverified key >> This is Perl version 5.008006 (5.8.6) >> >> This is MailScanner version 4.43.2 >> Module versions are: >> 1.00 AnyDBM_File >> 1.14 Archive::Zip >> 1.03 Carp >> 1.119 Convert::BinHex >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.16 File::Temp >> 1.29 HTML::Entities >> 3.45 HTML::Parser >> 2.30 HTML::TokeParser >> 1.21 IO >> 1.10 IO::File >> 1.123 IO::Pipe >> 1.50 Mail::Header >> 3.05 MIME::Base64 >> 5.417 MIME::Decoder >> 5.417 MIME::Decoder::UU >> 5.417 MIME::Head >> 5.417 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.417 MIME::Tools >> 0.10 Net::CIDR >> 1.08 POSIX >> 1.77 Socket >> 0.05 Sys::Syslog >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.810 DB_File >> 1.08 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.10 Digest::SHA1 >> missing Inline >> missing Mail::ClamAV >> 3.000003 Mail::SpamAssassin >> missing Mail::SPF::Query >> missing Net::CIDR::Lite >> 0.49 Net::DNS >> missing Net::LDAP >> missing Parse::RecDescent >> 0.30 SAVI >> missing Sys::Hostname::Long >> 2.42 Test::Harness >> 0.47 Test::Simple >> 1.95 Text::Balanced >> missing URI >> >> >> --- >> >> S pozdravom >> >> Peter Zimen >> >> On 4.6.2005, at 14:11, Julian Field wrote: >> >>> Can someone check this please? I can't get the SAVI module to >>> install on my RHEL systems. >>> >>> Peter, please can you do a "MailScanner -v" and post the output. >>> >>> Peter Zimen wrote: >>> >>> >>>> > Old Bad Signature, Signed by a unverified key >>>> Hello, >>>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>>> After start i see: >>>> >>>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>>> files >>>> >>>> but mails from testvirus.org are not scannet. When in >>>> MailScanner.conf i switch to sophos - scan is o.k. >>>> >>>> >>>> >>>> Peter >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> * Thawte Freemail Member >>>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHMvxH2WUcUFbZUEQItEgCgsCkDo8TCX3CRI2U2FjyDItvnkO0An24V Tmuejl4lE8l8dowIcTSNHBXr =2SSv -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 19:01:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I write you folks a generic way of adding in a spam-processing plugin, how would you like it to work? A command-line or a function call? How do you want the envelope data? (client ip, sender, recipients) Returns a spam yes/no flag, or a score to add to SpamAssassin? Or a yes/no flag with a configurable score in MailScanner.conf? How do you actually want this interface to work? P.S. Do my PGP-signed list postings look okay? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHsfhH2WUcUFbZUEQKwFQCfWsqhGU1ygJCbIpArZKL7ZcugOVYAn3RC dMdSQsxMGcrL51Ei8fikXSaM =a9hr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sat Jun 4 20:09:43 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Julian Field wrote: > P.S. Do my PGP-signed list postings look okay? > Thunderbird says it is partially signed ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at ZANKER.ORG Sat Jun 4 20:13:23 2005 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4/6/05 20:09, Michele Neylon:: Blacknight wrote: > Julian Field wrote: > > P.S. Do my PGP-signed list postings look okay? > > Thunderbird says it is partially signed That's because JISCMail adds its own signature. The signed part verifies correctly. Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 20:32:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Possibly just because it is a key you don't trust or know about? Sync it with keyserver.pgp.com and you should pick up a whole shed load of email addresses for it. Michele Neylon:: Blacknight wrote: >Julian Field wrote: > > P.S. Do my PGP-signed list postings look okay? > > >Thunderbird says it is partially signed > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqIB7BH2WUcUFbZUEQJ1YgCgvCYv0zDAGhPSUwfNzkHQk70jNg0AoNKk ym1IPV8JnrVzJ142h1YY6jp1 =CNOB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 20:33:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Zanker wrote: >On 4/6/05 20:09, Michele Neylon:: Blacknight wrote: > > > >>Julian Field wrote: >> > P.S. Do my PGP-signed list postings look okay? >> >>Thunderbird says it is partially signed >> >> > >That's because JISCMail adds its own signature. The signed part verifies >correctly. > Cool. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqICDRH2WUcUFbZUEQLQ3gCgjwrMSpaDFBTZ7AiQrjyF+EMJulIAn1or NYciv8AHnZEbsTLwLXNZ6gh6 =Kb3J -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jun 4 21:03:23 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? > A command-line or a function call? > How do you want the envelope data? (client ip, sender, recipients) > > Returns a spam yes/no flag, or a score to add to SpamAssassin? > Or a yes/no flag with a configurable score in MailScanner.conf? > > How do you actually want this interface to work? > Command lines sound easier compared to functions for a non-programmer like me. My opinion (which mostly doesn't count) being that since most 3rd party engines would either use a yes/no combination OR a number OR a %age, the generic plugin ought to use a generic input method. Though that could complicate matters and code exponentially. Situation one (as already proposed by Julian) ============= The 3rd party engine outputs SPAM / NOTSPAM, in which case use the following flags a. NO (surely not spam) b. YES (surely spam) c. SKIPPED (if no output is found) Situation two ============= The 3rd party engine outputs a %age or a number (say -100 to +100) then the input filter will watch for a number and based on that give the following flag a. NO (surely not spam) b. MOSTLY_NO (mostly not spam) c. MOSTLY_YES (probably spam) d. YES (surely spam) e. SKIPPED (if no number is found) Flag Action: (again as recommended by Julian) The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a configurable score in MailScanner.conf seem most flexible to me. regards, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 22:23:19 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Nothing. Virus scanning and mail was delivered as normal clean email. --- S pozdravom Peter Zimen On 4.6.2005, at 17:46, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can you tell me what your maillog says around the missed virus? > > Also, try running an infected batch through MailScanner with it in > Debug > mode, and tell me if it says anything unlikely. (Ignore EOCD signature > fails, they are just zip file scans that didn't find a zip file). > > Julian Field wrote: > > >> * PGP Signed: 06/04/05 at 16:17:35 >> >> I have just tested this on a CentOS (RHEL clone) system, and it works >> fine. Something is definitely wrong with your setup. That helps me, >> though it doesn't help you :-( >> >> Incidentally, from your output below, you need to install my combined >> ClamAV and SA package, as you are missing some of the optional >> modules >> for SpamAssassin. >> >> Peter Zimen wrote: >> >> >>>> Old Bad Signature, Signed by a unverified key >>>> >>> This is Perl version 5.008006 (5.8.6) >>> >>> This is MailScanner version 4.43.2 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.14 Archive::Zip >>> 1.03 Carp >>> 1.119 Convert::BinHex >>> 1.00 DirHandle >>> 1.05 Fcntl >>> 2.73 File::Basename >>> 2.08 File::Copy >>> 2.01 FileHandle >>> 1.06 File::Path >>> 0.16 File::Temp >>> 1.29 HTML::Entities >>> 3.45 HTML::Parser >>> 2.30 HTML::TokeParser >>> 1.21 IO >>> 1.10 IO::File >>> 1.123 IO::Pipe >>> 1.50 Mail::Header >>> 3.05 MIME::Base64 >>> 5.417 MIME::Decoder >>> 5.417 MIME::Decoder::UU >>> 5.417 MIME::Head >>> 5.417 MIME::Parser >>> 3.03 MIME::QuotedPrint >>> 5.417 MIME::Tools >>> 0.10 Net::CIDR >>> 1.08 POSIX >>> 1.77 Socket >>> 0.05 Sys::Syslog >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 1.810 DB_File >>> 1.08 Digest >>> 1.01 Digest::HMAC >>> 2.33 Digest::MD5 >>> 2.10 Digest::SHA1 >>> missing Inline >>> missing Mail::ClamAV >>> 3.000003 Mail::SpamAssassin >>> missing Mail::SPF::Query >>> missing Net::CIDR::Lite >>> 0.49 Net::DNS >>> missing Net::LDAP >>> missing Parse::RecDescent >>> 0.30 SAVI >>> missing Sys::Hostname::Long >>> 2.42 Test::Harness >>> 0.47 Test::Simple >>> 1.95 Text::Balanced >>> missing URI >>> >>> >>> --- >>> >>> S pozdravom >>> >>> Peter Zimen >>> >>> On 4.6.2005, at 14:11, Julian Field wrote: >>> >>> >>>> Can someone check this please? I can't get the SAVI module to >>>> install on my RHEL systems. >>>> >>>> Peter, please can you do a "MailScanner -v" and post the output. >>>> >>>> Peter Zimen wrote: >>>> >>>> >>>> >>>>>> Old Bad Signature, Signed by a unverified key >>>>>> >>>>> Hello, >>>>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>>>> After start i see: >>>>> >>>>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>>>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>>>> files >>>>> >>>>> but mails from testvirus.org are not scannet. When in >>>>> MailScanner.conf i switch to sophos - scan is o.k. >>>>> >>>>> >>>>> >>>>> Peter >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> * Thawte Freemail Member >>>>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> * Thawte Freemail Member >>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>> >>> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqHMvxH2WUcUFbZUEQItEgCgsCkDo8TCX3CRI2U2FjyDItvnkO0An24V > Tmuejl4lE8l8dowIcTSNHBXr > =2SSv > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From bg.mahesh at INDIAINFO.COM Sun Jun 5 02:41:47 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > This is it just showing that it found a link in the message, which > it will have to check for phishing attacks. It doesn't mean it will > actually alter the message, just that it needs to look at it > further. > So the message is not being blocked? I am not getting that message in my email box > Check out the "notify senders" options. But do *NOT* switch on > Notify Senders of Viruses as that will just spam people who didn't > send you viruses, as all modern viruses fake the senders address, > so that you cannot trace who really sent the message. > Looks correct. Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk > BG Mahesh wrote: > > > hi > > > > I see the following type of messages in /var/log/maillog > > > > tag found in message j4UA2wNj002975 > > > > I found out about this when a friend's email was never reaching > > me. In that email his signature has a URL. What should I do to > > receive this email or atleast for MailScanner to bounce back the > > email to the sender warning him about the error > > > > -- > > B.G. Mahesh -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sun Jun 5 04:37:36 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, this is starting to make sense. I am pretty sure I am using 1 postfix with the hold feature. That is why I was so confused when I came upon directions for the 2 postfix server. I have my own howto file, that is a collection of other howto files I have found. I posted it online at: http://www.electricmonk.us/postfix-mailscanner/ maybe you could take a look and see if it was something obvious. I put it on the webpage to keep people from having to read all my conf files here. Thanks Mike --- "Steen, Glenn" wrote: > Sounds like the deprecated "2 postfix setup via > deferral". You should be using "1 postfix with the > HOLD feature" (Joshua will disagree:-). > Look at the wiki, there's quite a lot about PF > there: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > > AFAICS, you must be doing something slightly > strange, since the mailbox_command is used by the > local delivery agent.... which should be way after > MS is finished. > > Tell us a bit more about the specific setup, and I'm > sure will be able to give some pointers. > > -- Glenn > > -----Original Message----- > From: MailScanner mailing list on behalf of michael > irons > Sent: lö 2005-06-04 06:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: postfix+mailscanner+procmail > yeah I saw that site in my searches. I have > Mailscanner up and running along with postfix. > Itworks > when I send mail to /var/spool... and directly to my > Maildir. But I wasnt to use procmail to filter out > spam to a users spam folder. My understanding from > all > of the sites I have read mailscanner works like this > incoming postfix server -> mailscanner -> outgoing > postfix -> final destination (Maildir, spool, or > mda). > but if I use mailbox_command = /usr/bin/procmail in > postfix/main.cf it goes striaght to procmail, > bypassing mailscanner. Do I need to configure the > second postfix server and how do I do that, or am I > completely confused. > > thanks > Mike > > --- Mike Kercher wrote: > > > Johnny Hughes just released this guide a few days > > ago. I found it to be > > informative for me, a sendmail guy: > > > > > http://www.hughesjr.com/content/view/42/2/Site_News > > > > Mike > > > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > > Of michael irons > > Sent: Friday, June 03, 2005 9:05 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: postfix+mailscanner+procmail > > > > I know that there has to be a howto somewhere, but > > after several hours I can > > not find it. I am running mailscanner with postfix > > and want to do my > > filtering through procmail. When I change my > > mailbox_command = > > /usr/bin/procmail it just bypasses mailscanner and > I > > get no checks. The best > > information i can come up with is that there are > > actually 2 postfix/main.cf > > files (postfix and postfix.in). The problem is > that > > I do not have these > > files (postfix.in). Do I need to copy them from > > somewhere. If somebody could > > point me to a tutorial that would be great > > > > thanks > > Mike > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Jun 5 09:16:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: SV: postfix+mailscanner+procmail Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That looks pretty straightforward. I do things a bit different, but that stems from me not running RHEL, not doing rbls in the MTA (and a very very few in MS) .... and running my setup as a pure MX/GW. I find having the mail-gateway and the mailstore separate is good for my logics centres... A whole lot easier to deduce _what_ should happen _where_:-) Hm. I'll have to run some tests on this. In the mean time, what happens if you set MS to run in debug mode _and_ with the procmail mailbox_command... This should run one batch through MS, then stop. Does it get called for an incoming batch? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom michael irons Skickat: sö 2005-06-05 05:37 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: postfix+mailscanner+procmail Ok, this is starting to make sense. I am pretty sure I am using 1 postfix with the hold feature. That is why I was so confused when I came upon directions for the 2 postfix server. I have my own howto file, that is a collection of other howto files I have found. I posted it online at: http://www.electricmonk.us/postfix-mailscanner/ maybe you could take a look and see if it was something obvious. I put it on the webpage to keep people from having to read all my conf files here. Thanks Mike --- "Steen, Glenn" wrote: > Sounds like the deprecated "2 postfix setup via > deferral". You should be using "1 postfix with the > HOLD feature" (Joshua will disagree:-). > Look at the wiki, there's quite a lot about PF > there: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > > AFAICS, you must be doing something slightly > strange, since the mailbox_command is used by the > local delivery agent.... which should be way after > MS is finished. > > Tell us a bit more about the specific setup, and I'm > sure will be able to give some pointers. > > -- Glenn > > -----Original Message----- > From: MailScanner mailing list on behalf of michael > irons > Sent: lö 2005-06-04 06:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: postfix+mailscanner+procmail > yeah I saw that site in my searches. I have > Mailscanner up and running along with postfix. > Itworks > when I send mail to /var/spool... and directly to my > Maildir. But I wasnt to use procmail to filter out > spam to a users spam folder. My understanding from > all > of the sites I have read mailscanner works like this > incoming postfix server -> mailscanner -> outgoing > postfix -> final destination (Maildir, spool, or > mda). > but if I use mailbox_command = /usr/bin/procmail in > postfix/main.cf it goes striaght to procmail, > bypassing mailscanner. Do I need to configure the > second postfix server and how do I do that, or am I > completely confused. > > thanks > Mike > > --- Mike Kercher wrote: > > > Johnny Hughes just released this guide a few days > > ago. I found it to be > > informative for me, a sendmail guy: > > > > > http://www.hughesjr.com/content/view/42/2/Site_News > > > > Mike > > > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > > Of michael irons > > Sent: Friday, June 03, 2005 9:05 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: postfix+mailscanner+procmail > > > > I know that there has to be a howto somewhere, but > > after several hours I can > > not find it. I am running mailscanner with postfix > > and want to do my > > filtering through procmail. When I change my > > mailbox_command = > > /usr/bin/procmail it just bypasses mailscanner and > I > > get no checks. The best > > information i can come up with is that there are > > actually 2 postfix/main.cf > > files (postfix and postfix.in). The problem is > that > > I do not have these > > files (postfix.in). Do I need to copy them from > > somewhere. If somebody could > > point me to a tutorial that would be great > > > > thanks > > Mike > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 16:41:55 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: Does anybody know where I can find a php or perl script for checking URLs/Ips against multiple DNSBLs? The only one I've found so far refuses to work for me :( I know of hosted ones, but I'm looking for one I can use on a new site/project I'm working on TIA Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 5 16:49:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 www.dnsstuff.com Michele Neylon :: Blacknight Solutions wrote: >Does anybody know where I can find a php or perl script for checking >URLs/Ips against multiple DNSBLs? >The only one I've found so far refuses to work for me :( > >I know of hosted ones, but I'm looking for one I can use on a new >site/project I'm working on > >TIA > >Michele > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >Hosting, co-location & domains >http://www.blacknight.ie/ >Tel. +353 59 9137101 | Fax. +353 59 9146970 >Tired of your current host? Save 15% when you move to us! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqMfAhH2WUcUFbZUEQJxqACg9ipiOFC1bCJUeJ+7uASuLmPZsOIAoK1G hravjgLLOelfRV9C3hoZQqQt =Jt7r -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 17:38:21 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: > > www.dnsstuff.com That's hosted :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 5 18:45:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Which order are you getting your Subject line tags in? They should have Spam on the front, followed by Disarmed (if it applied, obviously). Which order are you getting them in? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC wy4ESasWItMi8akGtnOi15Fs =g3DU -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Sun Jun 5 20:14:46 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Julian, Julian Field wrote: > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? VERY cool btw! Currently I'm using DSPAM for spam detection and there were some many situations where I wished that it would be integrated into MailScanner... > A command-line or a function call? function call because I have separate user profiles for spam scanning and I have to do some mysql lookups. If I could save the overhead of starting a external interpreter script that would be nice. > How do you want the envelope data? (client ip, sender, recipients) Hash? Or maybe a 'request object'? > Returns a spam yes/no flag, or a score to add to SpamAssassin? I think it should be possible to completely replace SpamAssassin but an additional SpamAssassin score may be helpful too. One thing I would like to have control over is changing the message headers and/or the message content. DSPAM for example adds an ID into the mail body and the header so that should be possible using the plugin interface. > How do you actually want this interface to work? Definitely! -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Jun 5 20:08:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: SV: DNSBL checking script Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would http://moensted.dk/spam/drbcheck.txt be useful? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Michele Neylon :: Blacknight Solutions Skickat: sö 2005-06-05 17:41 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: OT: DNSBL checking script Does anybody know where I can find a php or perl script for checking URLs/Ips against multiple DNSBLs? The only one I've found so far refuses to work for me :( I know of hosted ones, but I'm looking for one I can use on a new site/project I'm working on TIA Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 22:46:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:54 2006 Subject: SV: DNSBL checking script Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Would http://moensted.dk/spam/drbcheck.txt be useful? > Glenn You are a lifesaver! Thanks Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 00:38:16 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Julian, just one addition to my mail: I just thought of a problem that a message may be addressed to several recipients that use different spam profiles. Therefore it may be possible that the mail is considered as spam for one recipient and as ham for the other. One possible solution I can think of is that it should be possible to "multiply" a message. Another thing I would like to see is a more flexible action system so that spam mails may be quarantined on a per user basis. fs ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jun 5 23:41:39 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: You can already have mails quarantined on a per-user basis using the very flexible rulesets. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Felix Schwarz Sent: Sunday, June 05, 2005 6:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Generic spam plug-in Hi Julian, just one addition to my mail: I just thought of a problem that a message may be addressed to several recipients that use different spam profiles. Therefore it may be possible that the mail is considered as spam for one recipient and as ham for the other. One possible solution I can think of is that it should be possible to "multiply" a message. Another thing I would like to see is a more flexible action system so that spam mails may be quarantined on a per user basis. fs ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 02:28:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner add the Found to be clean message The network guys managed to wrongly enter an MX record causing a message to bounce between the servers a couple of times. Should mailscanner add the header many times, or just once? It doesnt really bother me, but i was curious - i would ahve thought that header got replaced rather appended to? It seems to be the only one that does it Thanks Pete X-companyname-MailScanner: Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Mon Jun 6 04:44:51 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:29:54 2006 Subject: filename expansion variable question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Everyone, I am using the $filename expansion variable in the reports to specify a path to a 'stored virus' ... This works 99% of the time, however I have just noticed that some times the variable expands to the string "the entire message" (instead of the actual filename). I am running mailscanner version 4.28.6-1. I checked the changelog, but could not find anything specific about this problem. Can anyone tell me if it has been addressed? Kind Regards, Andrew. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jun 6 06:25:49 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>www.dnsstuff.com > > > That's hosted :) > See if this helps. http://phprbl.init1.nl/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Jun 6 07:18:39 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: Hi! > MailScanner add the Found to be clean message The network guys managed to > wrongly enter an MX record causing a message to bounce between the servers a > couple of times. Should mailscanner add the header many times, or just once? > > It doesnt really bother me, but i was curious - i would ahve thought that > header got replaced rather appended to? It seems to be the only one that does > it > > Thanks > Pete > > X-companyname-MailScanner: Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean Multiple Headers = replace Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Mon Jun 6 07:04:11 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Hi, > > Julian Field wrote: > >> >> If I write you folks a generic way of adding in a spam-processing >> plugin, how would you like it to work? >> A command-line or a function call? >> How do you want the envelope data? (client ip, sender, recipients) >> >> Returns a spam yes/no flag, or a score to add to SpamAssassin? >> Or a yes/no flag with a configurable score in MailScanner.conf? >> >> How do you actually want this interface to work? >> > > Command lines sound easier compared to functions for a non-programmer > like me. > > Situation one (as already proposed by Julian) > ============= > The 3rd party engine outputs SPAM / NOTSPAM, in which case use the > following flags > a. NO (surely not spam) > b. YES (surely spam) > c. SKIPPED (if no output is found) > > Situation two > ============= > The 3rd party engine outputs a %age or a number (say -100 to +100) > then the input filter will watch for a number and based on that give > the following flag > a. NO (surely not spam) > b. MOSTLY_NO (mostly not spam) > c. MOSTLY_YES (probably spam) > d. YES (surely spam) > e. SKIPPED (if no number is found) > > Flag Action: (again as recommended by Julian) > The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a > configurable score in MailScanner.conf seem most flexible to me. > I agree with Dhawal on the Scoring mechanism of the plugin, which should be configurable in MailScanner.conf , however I feel that it should be invoked using function call instead of command line. A function call would be efficient in terms of processesing and since this plugin is going to be called from with in MailScanner, I think we need not bother much on its command line version. Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 07:38:28 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Buggar - sorry to waste everyone's time. Pete > > Multiple Headers = replace > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 09:40:28 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Mike, Mike Kercher schrieb: > You can already have mails quarantined on a per-user basis using the > very flexible rulesets. Allthough I'm not 100% sure I don't think that the currently available rulesets can do everything I want. Mail to user1@domain.net and user2@domain.net is recognized as spam. Now it should be quarantined in /var/mail/quarantines/domain.net/user1 and /var/mail/quarantines/domain.net/user2. As I'm supporting more than 100 users I certainly don't want to hardcode the path so something as /var/mail/quarantines/%domain%/%localpart is needed. To make things more complicated the domain is only a lookup key in a database (okay, that can be done with user defined functions). Another thing is the storage format. I won't use any mbox at all. Maildir++ is definitely a must. AFAIK it is not possible with MailScanner. Or quarantining a virus mail with _all_ (even the infected) attachements. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jun 6 08:50:02 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rakesh > Sent: 06 June, 2005 08:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Generic spam plug-in > > > Dhawal Doshy wrote: > > > Hi, > > > > Julian Field wrote: > > > >> > >> If I write you folks a generic way of adding in a spam-processing > >> plugin, how would you like it to work? > >> A command-line or a function call? > >> How do you want the envelope data? (client ip, sender, recipients) > >> > >> Returns a spam yes/no flag, or a score to add to SpamAssassin? > >> Or a yes/no flag with a configurable score in MailScanner.conf? > >> > >> How do you actually want this interface to work? > >> > > > > Command lines sound easier compared to functions for a > non-programmer > > like me. > > > > > > Situation one (as already proposed by Julian) > > ============= > > The 3rd party engine outputs SPAM / NOTSPAM, in which case use the > > following flags > > a. NO (surely not spam) > > b. YES (surely spam) > > c. SKIPPED (if no output is found) > > > > Situation two > > ============= > > The 3rd party engine outputs a %age or a number (say -100 to +100) > > then the input filter will watch for a number and based on > that give > > the following flag > > a. NO (surely not spam) > > b. MOSTLY_NO (mostly not spam) > > c. MOSTLY_YES (probably spam) > > d. YES (surely spam) > > e. SKIPPED (if no number is found) > > > > Flag Action: (again as recommended by Julian) > > The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a > > configurable score in MailScanner.conf seem most flexible to me. > > > > I agree with Dhawal on the Scoring mechanism of the plugin, > which should > be configurable in MailScanner.conf , however I feel that it should be > invoked using function call instead of command line. A function call > would be efficient in terms of processesing and since this plugin is > going to be called from with in MailScanner, I think we need > not bother > much on its command line version. > > Rakesh I agree a function call might be more efficient, but since this is supposed to be a generic plug-in, I think we should always have to option to use a command line version and process the output via a pipe, exit code or temporary file. Using a function call would make the generic plug-in less generic, since you can then only use it for external programs which have a perl interface! Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 09:52:44 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: Hi, Adri Koppes schrieb: > I agree a function call might be more efficient, but since this is > supposed to be a generic plug-in, I think we should always have to > option to use a command line version and process the output via a > pipe, exit code or temporary file. > Using a function call would make the generic plug-in less generic, > since you can then only use it for external programs which have a > perl interface! It is extreamly easy writing a very small perl function that does a 'system' call to execute a command line script. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jun 6 08:58:30 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hi, > > Adri Koppes schrieb: > > I agree a function call might be more efficient, but since this is > > supposed to be a generic plug-in, I think we should always have to > > option to use a command line version and process the output via a > > pipe, exit code or temporary file. > > > Using a function call would make the generic plug-in less generic, > > since you can then only use it for external programs which have a > > perl interface! > > It is extreamly easy writing a very small perl function that does a > 'system' call to execute a command line script. > > -- > Felix Sure it's not to difficult to do a 'system' call. It gets a little more complicated when you have to add timeouts, setting up the pipe, processing the output etc. I wouldn't have too many problems, but I think there are many people who are using MailScanner without having knowing how to write a perl script. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 09:16:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: SA userprefs stored in SQL Message-ID: Jonathan Short answer is no. Long answer is... MS calls SA via a perl function call. Therefore SA will 'think' it's being called by the MS user (as defined in MailScanner.conf) as thats the UID of the process running SA. SHOULD there be any way of doing this you'd first have to split the emails into their unique recipients then pass off to SA. BUT so far we've only managed to do this in Sendmail and Exim. For other MTA's (Postfix/qmail etc) we've either not found a way (despite asking for help) or haven't looked. Also alot of MS systems are gateway systems, so the end user may not be found in the email as it gets redirected via aliases etc on the actual email server, so emails might not get the correct SA preferences anyway. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jonathan Higgins wrote: > I looked through the customconfig, and found the section talking about > white/black lists per domain.... which is not what im looking for. > > global storage of user preferences. thats what I need. Spamassassin > provides it only in thier client server configuration. I want to continue > to use spamassassin the way that MailScanner wants to. > > anyone else out there doing this?.. are you running spamd/spamc? and so on.. > > > > >>I am using the CustomConfig to do that, I had it working great on an old >>server until a little hitch with MailScanner maintaining mysql connections >>on the new one... haven't had time to figure out the issue, but look at >>CustomConfig.pm, I am using it to obtain if the domain should want mail >>scanned, the score, actions, etc... >> >>------------------------- >>Brian Taber >>Manager/IT Specialist >>Diverse Computer Group >>Office: 508-758-4402 >>Cell: 508-496-9221 >> >>This apparently has come up a few times in the past. I may be asking >>this in the wrong place, so if I need to post this question on the >>spamassassin list please let me know. >> >>I even found a piece of information on the Faq-O-matic... here is an >>excerpt. >> >>"..... problem is that SpamAssassin, according to what I've read at the >>following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, >>will only use the DB for getting the user preferences if it's running in >>client/server mode, i.e., as spamc and spamd. So this means that if I >>want to let end users manage their own whitelists, I would have to get >>SpamAssassin running the old slow way. Thoughts or suggestions? " >> >>After searching, I have not found a solution to this. I am already >>using a mysql bayes for my lvs mail cluster system.. I need a way to >>store SA user preferences globally.. and i would rather not go back to >>using spamc/spamd. >> >>thanks. >> >> >> >>Jonathan Higgins >>IT R&D Project Manager >>Kennesaw State University > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Mon Jun 6 10:42:19 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: > Flag Action: (again as recommended by Julian) The above flags > NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a configurable > score in MailScanner.conf seem most flexible to me. I think it would be useful for engines to return a 'DONT KNOW' as well, As the SKIPPED return could mean either that it didn't scan it or that It wasn't able to come up with an answer. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 10:49:22 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, on 25.4.2005 I wrote a message to the list with the topic above. MailScanner stops working after instance dying of old age. I didn't see the error for 2 months now and it comes again. Now with more infos: Last messages in syslog: Jun 4 02:30:35 pns MailScanner[20452]: Uninfected: Delivered 1 messages Jun 4 02:30:35 pns MailScanner[20452]: MailScanner child dying of old age Jun 4 02:30:35 pns MailScanner[5471]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jun 4 02:30:36 pns MailScanner[5471]: Using locktype = flock "ps aufx" showed me that all processes are "running", but nothing was scanned. New mails always get deferred, nothing more. After killing and restarting MailScanner this in log: Jun 4 12:15:15 pns MailScanner[18097]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jun 4 12:15:16 pns MailScanner[18097]: Using locktype = flock Jun 4 12:15:17 pns MailScanner[18097]: New Batch: Found 3085 messages waiting Jun 4 12:15:17 pns MailScanner[18097]: New Batch: Scanning 80 messages, 319186 bytes Mail gets processed but MailScanner starts to many childs (set to 5): 18097 postfix 18 0 40160 39M 25716 R 10.3 4.4 0:39 MailScanner 17282 postfix 18 0 40048 39M 33056 R 11.5 4.4 0:37 MailScanner 7445 postfix 18 0 40000 39M 25092 R 12.3 4.4 0:31 MailScanner 15755 postfix 19 0 39748 38M 32956 R 0.3 4.3 0:00 MailScanner 25836 postfix 20 0 39664 38M 9836 R 6.7 4.3 0:32 MailScanner 28647 postfix 20 0 39588 38M 25616 R 1.1 4.3 0:00 MailScanner 29400 postfix 18 0 39576 38M 25768 R 12.1 4.3 0:33 MailScanner 29126 postfix 20 0 39428 38M 24988 R 1.3 4.3 0:00 MailScanner 12280 postfix 20 0 39004 38M 25668 R 1.1 4.3 0:00 MailScanner 3961 root 9 0 30856 28M 3156 S 0.0 3.1 57:40 perl 24285 named 9 0 23184 19M 4772 S 0.1 2.2 87:20 named 27324 postfix 9 0 15012 14M 8972 S 0.0 1.6 0:00 MailScanner I downgraded to another version, always the same. But it dies not every time a child is dying. I've now a cronjob restarting MailScanner every 4 hours. No errors until now. Another problem is that check_mailscanner script only checks if the process is running, so it doesn't detect the error wenn MailScanner stops because all processes are running. I searched all my logs, especially for HDA errors or something like that, but nothing found. My system is debian woody with postfix 2.0.20 (source), all perl modules newest version (source) and MailScanner also 4.42.9. The system is running with RAID1 (hardware). I think that's a problem with I/O but not sure a problem with RAID or MailScanner. Any ideas? Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Mon Jun 6 11:01:16 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: please take a look at task 45 Take 2: MailScanner children dying and not picking up new mail as I had an similar error. check that you don't have any non-mail file in one of your mail queues as in my case it was the razor-agent.log I updated to the actual MailScanner version as there were some changes how MailScanner childs were handled. Assure Razor is configured to place it's log to a fixed-place outside a mail-queue and that razor is able to write to this dir At best check your settings with setting Debug to Yes for Spamassassin and Mailscanner inside your MailScanner.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:28:50 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi again, > I searched all my logs, especially for HDA errors or something like that, > but nothing found. > > My system is debian woody with postfix 2.0.20 (source), all perl modules > newest version (source) and MailScanner also 4.42.9. The system is running > with RAID1 (hardware). > > I think that's a problem with I/O but not sure a problem > with RAID or MailScanner. > > Any ideas? I'm not sure, but in my logs I see after every scan a new instance of MailScanner is started (and killed): Jun 6 12:25:38 pns MailScanner[7603]: Uninfected: Delivered 1 messages Jun 6 12:25:45 pns MailScanner[3132]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:25:46 pns MailScanner[12989]: New Batch: Scanning 1 messages, 1788 bytes Jun 6 12:25:46 pns MailScanner[12989]: Spam Checks: Starting Jun 6 12:25:46 pns MailScanner[12989]: Virus and Content Scanning: Starting Jun 6 12:25:46 pns MailScanner[12989]: Requeue: 3E71F58075.C413A to 7D5194C106 Jun 6 12:25:46 pns MailScanner[12989]: Uninfected: Delivered 1 messages Jun 6 12:25:47 pns MailScanner[3132]: Using locktype = flock Jun 6 12:26:02 pns MailScanner[3463]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:26:03 pns MailScanner[3463]: Using locktype = flock Jun 6 12:26:03 pns MailScanner[3463]: New Batch: Scanning 2 messages, 6368 bytes Jun 6 12:26:03 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:03 pns MailScanner[3463]: Virus and Content Scanning: Starting Jun 6 12:26:04 pns MailScanner[3463]: Requeue: 07E8358078.8CF81 to 7CBBA4C106 Jun 6 12:26:04 pns MailScanner[3463]: Requeue: 2D8A158075.4C55D to A78244C107 Jun 6 12:26:04 pns MailScanner[3463]: Uninfected: Delivered 2 messages Jun 6 12:26:13 pns MailScanner[1439]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:26:14 pns MailScanner[1439]: Using locktype = flock Jun 6 12:26:18 pns MailScanner[3463]: New Batch: Scanning 1 messages, 3950 bytes Jun 6 12:26:18 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:18 pns MailScanner[3463]: Virus and Content Scanning: Starting Jun 6 12:26:18 pns MailScanner[3463]: Requeue: 3B3B658075.A53C3 to 4DFF24C106 Jun 6 12:26:18 pns MailScanner[3463]: Uninfected: Delivered 1 messages Jun 6 12:26:24 pns MailScanner[3463]: New Batch: Scanning 2 messages, 6288 bytes Jun 6 12:26:24 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:24 pns MailScanner[2401]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Is that OK? Thanks, Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:36:51 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > please take a look at task 45 > Take 2: MailScanner children dying and not picking up new mail > as I had an similar error. task 45? > check that you don't have any non-mail file in one of your mail queues > as in my case it was the razor-agent.log > I updated to the actual MailScanner version as there were some changes how > MailScanner childs were handled. > Assure Razor is configured to place it's log to a fixed-place outside a > mail-queue and that razor is able to write to this dir pns:/var/spool/postfix.in/deferred# ls -la insgesamt 1628 drwx------ 18 postfix root 4096 6. Jun 12:16 . drwxr-xr-x 14 root root 4096 12. Mär 2004 .. drwx------ 2 postfix postfix 12288 6. Jun 12:33 0 [...] drwx------ 2 postfix postfix 4096 6. Jun 12:30 F -rw------- 1 postfix postfix 1468635 3. Jun 16:13 tnef-6460-1.doc WTF is tnef-6460-1.doc? Could that be the problem? The errors occured with the newest version (4.42.9) > At best check your settings with setting Debug to Yes for Spamassassin and > Mailscanner inside your MailScanner.conf I'm not running SA, razor etc. Only MailScanner with clamavmodule and F-Prot. Thanks for you help. Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:55:30 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > seems to be some documentation from the tnef-perl module. > I'm sure this is the problem - MS seems to have problems handling non-mail > files inside a mail-queue ok, I found the thread some days ago. I'll remove the doc and try it again with 4.42.9. Thanks, Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Mon Jun 6 11:49:57 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > please take a look at task 45 > Take 2: MailScanner children dying and not picking up new mail > as I had an similar error. task 45? > check that you don't have any non-mail file in one of your mail queues > as in my case it was the razor-agent.log > I updated to the actual MailScanner version as there were some changes how > MailScanner childs were handled. > Assure Razor is configured to place it's log to a fixed-place outside a > mail-queue and that razor is able to write to this dir > pns:/var/spool/postfix.in/deferred# ls -la > insgesamt 1628 > drwx------ 18 postfix root 4096 6. Jun 12:16 . > drwxr-xr-x 14 root root 4096 12. Mär 2004 .. > drwx------ 2 postfix postfix 12288 6. Jun 12:33 0 > [...] > drwx------ 2 postfix postfix 4096 6. Jun 12:30 F > -rw------- 1 postfix postfix 1468635 3. Jun 16:13 tnef-6460-1.doc > WTF is tnef-6460-1.doc? Could that be the problem? The errors occured > with the newest version (4.42.9) seems to be some documentation from the tnef-perl module. I'm sure this is the problem - MS seems to have problems handling non-mail files inside a mail-queue >> At best check your settings with setting Debug to Yes for Spamassassin >> and Mailscanner inside your MailScanner.conf > I'm not running SA, razor etc. Only MailScanner with clamavmodule and > F-Prot. sure you don't need to debug what you're not using ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon Jun 6 13:34:28 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: hello! I just tried to upgrade to the latest stable version of MailScanner on my production box. When I launch MailScanner, everything seems to be fine. However, I start seeing defunct processes for MailScanner after a very short time (seconds). Using the last stable vesion I can do : [root@hemlock opt]# ps -eaf | grep Mail root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl -I/opt/MailScanner root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail Using the latest Stable version, almost everytime I do the same command I see the following : [root@hemlock log]# ps -eaf | grep Mail root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail It looks like I start getting defunct processes almost immediately after launching it. MailScanner -v gives me the following. Thoughts ? [root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Mon Jun 6 13:56:56 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:55 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I upgraded to the latest stable over the weekend. The infection messages in the syslog are now formatted like this... Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm Infection: W32/Mytob.EK@mm Prior to the upgrade the messages are formatted like this... Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm Note that the full path is missing. Unfortunately, I'm counting on the old message format in order to tie an infected message back to the sending site and targeted user. I'm using the message-id to do that. This is used for reports which I send to customers. Is there an easy way to return to the old message format? Richard Lynch WVNET ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 14:16:06 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: Julian, With 4.43.2, I am getting Subject: {Spam?} {Disarmed} blah blah Looks good to me. Jeff Earickson Colby College On Sun, 5 Jun 2005, Julian Field wrote: > Date: Sun, 5 Jun 2005 18:45:38 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam then Disarmed or Disarmed then Spam? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Which order are you getting your Subject line tags in? They should have > Spam on the front, followed by Disarmed (if it applied, obviously). > Which order are you getting them in? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC > wy4ESasWItMi8akGtnOi15Fs > =g3DU > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 6 14:17:47 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael H. Martel > Sent: Monday, June 06, 2005 8:34 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Latest Stable MailScanner > > hello! > > I just tried to upgrade to the latest stable version of MailScanner on my > production box. When I launch MailScanner, everything seems to be fine. > However, I start seeing defunct processes for MailScanner after a very > short time (seconds). > > Using the last stable vesion I can do : > > [root@hemlock opt]# ps -eaf | grep Mail > root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl > -I/opt/MailScanner > root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl > -I/opt/MailScanner > root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > > Using the latest Stable version, almost everytime I do the same command I > see the following : > > [root@hemlock log]# ps -eaf | grep Mail > root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl > -I/opt/MailScanner > root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] > root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] > root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > > It looks like I start getting defunct processes almost immediately after > launching it. MailScanner -v gives me the following. > > Thoughts ? > You probably have a configuration error. Please set Debug = yes And if you are using SpamAssassin Debug SpamAssassin = yes In MailScanner.conf and restart MailScanner. The configuration error should show up in the screen output. If you have a problem finding the error, please post the output to the list. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Mon Jun 6 14:19:45 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: Hi Steve, The defunctional process behavior is normal, and is by design according to Julian. I doubt there's anything wrong with his configuration. Regards, David On Mon, 2005-06-06 at 09:17 -0400, Stephen Swaney wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Michael H. Martel > > Sent: Monday, June 06, 2005 8:34 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Latest Stable MailScanner > > > > hello! > > > > I just tried to upgrade to the latest stable version of MailScanner on my > > production box. When I launch MailScanner, everything seems to be fine. > > However, I start seeing defunct processes for MailScanner after a very > > short time (seconds). > > > > Using the last stable vesion I can do : > > > > [root@hemlock opt]# ps -eaf | grep Mail > > root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl > > -I/opt/MailScanner > > root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl > > -I/opt/MailScanner > > root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > > > > Using the latest Stable version, almost everytime I do the same command I > > see the following : > > > > [root@hemlock log]# ps -eaf | grep Mail > > root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl > > -I/opt/MailScanner > > root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] > > root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] > > root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > > > > > It looks like I start getting defunct processes almost immediately after > > launching it. MailScanner -v gives me the following. > > > > Thoughts ? > > > > You probably have a configuration error. Please set > > Debug = yes > > And if you are using SpamAssassin > > Debug SpamAssassin = yes > > In MailScanner.conf and restart MailScanner. The configuration error should > show up in the screen output. > > If you have a problem finding the error, please post the output to the list. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 0860 0 SYNAQ (79627) Direct: 011 290 6388 Fax: 011 290 6389 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Mon Jun 6 14:11:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:55 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rakesh wrote: > BG Mahesh wrote: > >>>> # As a rough guide, try 5 children per CPU. But read the notes above. >>>> Max Children = 5 >>>> >>>> I guess I have to change it to 10 and see how things work as we have >>>> a dual processor >>>> >>> >>> You can try it out, it might help or not though, depending on many >>> factors. As other said, the message delay is the only factor that's >>> always a good indication. >>> >>> Is this a dedicated MailScanner machine? >>> >>> >> >> >> Yes..the system is used as our mailserver. No other development work >> etc goes on this machine. It process mail and just mail >> >> >> > I have recently faced a similar problem especially during the sober and > mytob outbreak, Servers were slow in processing the mails, I receive > about 2 lac of mails per day on individual servers and the mail hit > rate on the servers were high than the processing rate and usually at a > given point of time there used to be 1 K of mails waiting in the queue > to be processed by MailScanner. Here is what I did to optimise my setup > and thought this might help you. > > Reduced the number of Max Children to 5 from 10 (Although I have dual > Xeon and 2 gigs of RAM) > Kept a decent batch size not too high and not too low : 20 > > from vmstat and iostat outputs I found tht IO was a prob for me > so I mounted /tmp (area where SA and clamav decomposes mail ) on tmpfs. > Many would say tht its a bad idea to put /tmp on tmpfs as chances are > there tht it might grow up and hog up all the memory so I put a size cap > on it using -size option in mount and did some tests on dummy machines > to ensure tht its not spilling over the specified limit and since this > server is just an Anti-Spam/Anti-Virus gateway it was easy for me to > ensure tht no other apps create their dummy files in /tmp. > > This has reduced the disk IO on the system and increased the processing > to some extent. Now its usually 50 mails at a given time waiting in the > queue to be processed by MS, while the mail hit rate remains the same. > > > What OS are you running? It is fairly common to use tmpfs for working directory. http://wiki.mailscanner.info/doku.php?id=maq:index&s=tmpfs#optimization_tips ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 6 14:11:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > hello! > > I just tried to upgrade to the latest stable version of MailScanner on > my production box. When I launch MailScanner, everything seems to be > fine. However, I start seeing defunct processes for MailScanner after a > very short time (seconds). > Please have a look at your logs and report what you find. Is mail processed at all? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 14:55:35 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: I had a strange one today and it caused me to wonder about the overwriting or applied order of some of the mailscanner rules. I had an authenticated user send an email from our smtp server. The authenticated user's domain is specified in the WhiteList. However, whatever internet connection he was using has the sending IP address blacklisted in SBL+XBL. I would like to let anything in the whitelist always go out. Is there somewhere that I can change the way that this is working? Regards, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon Jun 6 14:57:19 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: --On June 6, 2005 9:11:40 AM -0400 Ugo Bellavance wrote: > Please have a look at your logs and report what you find. > > Is mail processed at all? Yes. I just figured it out. I forgot to update MailWatch when I updated MailScanner (you know, move MailWatch.pm and modify CustomConfig.pm). Now it all works fine. I need more Caffeine before I do updates. :-) Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Mon Jun 6 15:01:37 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:55 2006 Subject: sophossavi Message-ID: What OS are you running on? If you're running on Linux, what version of Sophos are you downloading? Some people, myself included, have had problems with the version for libc6 (glibc 2.2). I had to start using the plain libc6 version. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Peter Zimen wrote: > Hello, > after upgrade on 4-43.1 version sophossavi not scan for viruses. > After start i see: > > SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses > Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE > files > > but mails from testvirus.org are not scannet. When in > MailScanner.conf i switch to sophos - scan is o.k. > > > > Peter > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jun 6 15:05:38 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:55 2006 Subject: SA userprefs stored in SQL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Jonathan > > Short answer is no. > - snip - >>> >>> This apparently has come up a few times in the past. I may be asking >>> this in the wrong place, so if I need to post this question on the >>> spamassassin list please let me know. >>> >>> I even found a piece of information on the Faq-O-matic... here is an >>> excerpt. >>> >>> "..... problem is that SpamAssassin, according to what I've read at the >>> following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, >>> will only use the DB for getting the user preferences if it's running in >>> client/server mode, i.e., as spamc and spamd. So this means that if I >>> want to let end users manage their own whitelists, I would have to get >>> SpamAssassin running the old slow way. Thoughts or suggestions? " >>> >>> After searching, I have not found a solution to this. I am already >>> using a mysql bayes for my lvs mail cluster system.. I need a way to >>> store SA user preferences globally.. and i would rather not go back to >>> using spamc/spamd. >>> >>> thanks. >>> >>> Jonathan Higgins What preferences do you need to store in SQL? If you are purely looking at sql based whitelists / blacklists (and not SA preferences), here is something: http://filelister.linux-kernel.at/mod_perl?current=/tarballs/MailScanner Also if you can wait, mailwatch 0.6 when released (mailwatch.sf.net) will support sql based whitelists / blacklists. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 15:10:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: Diane Which whitelist - SA or MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I had a strange one today and it caused me to wonder about the overwriting > or applied order of some of the mailscanner rules. > > I had an authenticated user send an email from our smtp server. The > authenticated user's domain is specified in the WhiteList. > > However, whatever internet connection he was using has the sending IP > address blacklisted in SBL+XBL. > > I would like to let anything in the whitelist always go out. > > Is there somewhere that I can change the way that this is working? > > Regards, > Diane > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 15:37:23 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: I'm using MS rules. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, June 06, 2005 9:10 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: whitelist and listed in RBL Diane Which whitelist - SA or MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I had a strange one today and it caused me to wonder about the overwriting > or applied order of some of the mailscanner rules. > > I had an authenticated user send an email from our smtp server. The > authenticated user's domain is specified in the WhiteList. > > However, whatever internet connection he was using has the sending IP > address blacklisted in SBL+XBL. > > I would like to let anything in the whitelist always go out. > > Is there somewhere that I can change the way that this is working? > > Regards, > Diane > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 15:44:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: Diane can you post how you've configure MS for both the whitelist and RBL section (+plus what version of MS as 4.42 had a new option to help with the RBL processing!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I'm using MS rules. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Martin Hepworth > Sent: Monday, June 06, 2005 9:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: whitelist and listed in RBL > > Diane > > Which whitelist - SA or MS? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Diane Rolland wrote: > >>I had a strange one today and it caused me to wonder about the overwriting >>or applied order of some of the mailscanner rules. >> >>I had an authenticated user send an email from our smtp server. The >>authenticated user's domain is specified in the WhiteList. >> >>However, whatever internet connection he was using has the sending IP >>address blacklisted in SBL+XBL. >> >>I would like to let anything in the whitelist always go out. >> >>Is there somewhere that I can change the way that this is working? >> >>Regards, >>Diane >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 15:56:00 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: Gang, There was a thread a while back "block emails with no valid reverse DNS", and one of the options was Neil Rickert's require_rdns.m4 hack for sendmail. I'm wondering how many people out there use this successfully? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 15:55:02 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: OK; when I went to post those configs I now see the problem... the domain I thought it was coming from is indeed NOT whitelisted... Thanks for the replies, and Sorry for the wasted bandwidth. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, June 06, 2005 9:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: whitelist and listed in RBL Diane can you post how you've configure MS for both the whitelist and RBL section (+plus what version of MS as 4.42 had a new option to help with the RBL processing!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I'm using MS rules. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Martin Hepworth > Sent: Monday, June 06, 2005 9:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: whitelist and listed in RBL > > Diane > > Which whitelist - SA or MS? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Diane Rolland wrote: > >>I had a strange one today and it caused me to wonder about the overwriting >>or applied order of some of the mailscanner rules. >> >>I had an authenticated user send an email from our smtp server. The >>authenticated user's domain is specified in the WhiteList. >> >>However, whatever internet connection he was using has the sending IP >>address blacklisted in SBL+XBL. >> >>I would like to let anything in the whitelist always go out. >> >>Is there somewhere that I can change the way that this is working? >> >>Regards, >>Diane >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Mon Jun 6 15:57:20 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:55 2006 Subject: Header added to outgoing messages Message-ID: On Sun, 29 May 2005, Julian Field wrote: > Found and fixed. This is a bug I accidentally introduced recently as a > result of another change someone wanted. I think I have found them all > now. The scanning was working as intended, but the wrong header was > being put in. Julian, right now, I noticed that an "X-MailScanner: Found to be clean" is added if a domain gets a "Bcc:" of an email, is that an expected behaviour ? Let's say the ruleset for scans looks like this: To: a.com yes To: b.com yes To: default no Now I send an Email To: c.com with a Bcc: b.com . The email to c.com isn't actually scanned, nonetheless the header gets added. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Mon Jun 6 16:23:56 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 6 Jun 2005, Jeff A. Earickson wrote: > There was a thread a while back "block emails with no valid reverse DNS", > and one of the options was Neil Rickert's require_rdns.m4 hack for > sendmail. I'm wondering how many people out there use this successfully? We are happily using it for a couple of months now. Mails from hosts without reverse DNS are rejected with an error message so the user knows that his email has not been received. I think this is a fair behaviour. When I look at the logs, most of the rejected hosts are spam sources from either Korea or Brazil. If I'm not mistaken, AOL dumps email from hosts w/o PTR records to /dev/null. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 16:53:38 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? > A command-line or a function call? > How do you want the envelope data? (client ip, sender, recipients) > > Returns a spam yes/no flag, or a score to add to SpamAssassin? > Or a yes/no flag with a configurable score in MailScanner.conf? > > How do you actually want this interface to work? > > P.S. Do my PGP-signed list postings look okay? > Signing looks good through GMANE. I just need to set the trust on your key when I have time. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 17:23:04 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steffan Henke wrote: > On Mon, 6 Jun 2005, Jeff A. Earickson wrote: > > >>There was a thread a while back "block emails with no valid reverse DNS", >>and one of the options was Neil Rickert's require_rdns.m4 hack for >>sendmail. I'm wondering how many people out there use this successfully? > > > We are happily using it for a couple of months now. Mails from hosts > without reverse DNS are rejected with an error message so the user knows > that his email has not been received. > I think this is a fair behaviour. When I look at the logs, most of the > rejected hosts are spam sources from either Korea or Brazil. > If I'm not mistaken, AOL dumps email from hosts w/o PTR records to > /dev/null. > > Regards, > > Steffan > The last time I got one, AOL still was notifying. Took me a week with MCI to get that straightened out. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brichter at INTERACCESS.COM Mon Jun 6 17:50:19 2005 From: brichter at INTERACCESS.COM (brichter) Date: Thu Jan 12 21:29:55 2006 Subject: Turning on Check SA If on Spam list directive.. (For bayes) Message-ID: 1. We mark messages that are blacklisted as High Scoring. (So we can change the subject to reflect it failed Spam Checks due to Black Listing) 2. Anything that is under high scoring that is over 7.0, the subject gets changed to indicate it's Spam that failed because of analasys of the message content. In our enviornment 95% of the Spam that hits our gateways are coming from Black Listed sources. We currently have set: Spam Lists To Reach High Score = 1 So 95% of our Spam never gets processed by Spam Assasin (Which I would like so that it can help the bayes DB train better for the Spam that comes in through non black listed sources) My question is if I set: Check SpamAssassin If On Spam List = from no to yes Will it no longer have the "High Scoring" functinality applied to it that Mail Scanner currently does in our enviornment? (Different changed subject line indicating that it's Black Listed) I would like to have Spam Assassin process these so that they get applied to the bayes DB, but still have the subject line changed as I currently do to indicate it's from a black listed source. We forward ALL spam through our email gateway, then the clients have rules to push the messages into a local Spam folder they can look through. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Mon Jun 6 19:33:24 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:55 2006 Subject: RFC: Useful or not ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all ! Couple of days ago I noticed our mailservers were blocking a large quantity or "HTML.Phishing.Bank-225'. Since some virusscanners have failed us a couple of times before I wanted to double check it was not blocking by mistake. Since we do not quarantine these virusses by default I had to enable this, restart MS, wait for an instance of this particular virus (/ phishing mail) to popup again, disable quarantine, restart MS etc .... e voila .. I had my sample. At that time I dediced it would be more relaxed if MailScanner could save a 'sample' of every 'new virus' (or other things our virusscanner blocks) it receives. Therefore I wrote a small patch for MailScanner which does just that. Would other people see this as a useful supplement to MailScanner, or is it just handy for me (/us). Any feedback is appreciated. You can download a patch (for SweepViruses.pm) at http://mailscanner.prolocation.net/MS-VirusSample-v2.patch. It currently supports virusses detected by ClamAVModule and f-prot. But adding support for other virusscanner is pretty trivial. The current patch also assumes you have made a directory /var/spool/MailScanner/VirusSamples/ which is chown'ed to same uid as the MailScanner processes. bye, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 20:11:10 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:55 2006 Subject: Useful or not ? Message-ID: It sounds like an interesting idea, but if it could alert you to them, apart from just putting it in the logs it would be more useful imho M Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 20:12:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:55 2006 Subject: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Michael H. Martel Skickat: må 2005-06-06 14:34 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Latest Stable MailScanner hello! I just tried to upgrade to the latest stable version of MailScanner on my production box. When I launch MailScanner, everything seems to be fine. However, I start seeing defunct processes for MailScanner after a very short time (seconds). Using the last stable vesion I can do : [root@hemlock opt]# ps -eaf | grep Mail root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl -I/opt/MailScanner root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail Using the latest Stable version, almost everytime I do the same command I see the following : [root@hemlock log]# ps -eaf | grep Mail root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail It looks like I start getting defunct processes almost immediately after launching it. MailScanner -v gives me the following. Thoughts ? [root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 20:16:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: I'd love to do something with this, but I wouldn't like to drop the mail entirely, as I know that there would be a silly amount of valid mail dropped if I did. How does it handle shared IPs? I was reading somewhere that the reverse and forward records have to match, which would cause issues in some instances Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Mon Jun 6 20:16:52 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:55 2006 Subject: Useful or not ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You think? Then again. A simple cron could look for changes in /var/spool/MailScanner/VirusSamples/ and notify you. But would you want to be notified for every new version of Mytob.xxx ? bye, Chris > It sounds like an interesting idea, but if it could alert you to them, apart > from just putting it in the logs it would be more useful imho > > M > > > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 > Tired of your current host? Save 15% when you move to us! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 20:39:02 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: > Date: Mon, 6 Jun 2005 20:16:32 +0100 > From: "Michele Neylon :: Blacknight Solutions" > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: who is using require_rdns.m4? > > I'd love to do something with this, but I wouldn't like to drop the mail > entirely, as I know that there would be a silly amount of valid mail dropped > if I did. I installed require_rdns.m4 into my sendmail config this morning, and I've been watching it closely today. In approx 6 hours, I've rejected (500 error) nearly 2200 emails, with another 1080 tempfails (400 error) for not resolving or A/PTR record mismatches. I've warned our helpdesk about what I did and why, and I'm waiting for the yelling to begin. So far, silence. The bulk of rejections are from APNIC numbers. I love watching spammers fail. > > How does it handle shared IPs? I've seen machines with multiple NICs and IPs, but never heard of two machines sharing the same IP. Hunh? > I was reading somewhere that the reverse and forward records have to match, > which would cause issues in some instances No reverse DNS = fatal 500 error. Resolution failures or A/PTR mismatch are 400 tempfail errors. In googling on require_rdns.m4, there is some opinion that A/PTR mismatches should be a 500 error too. I would agree, but I'm presently giving mismatches a tempfail error instead. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:44:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >FrÃ¥n: MailScanner mailing list genom Michael H. Martel >Skickat: mÃ¥ 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ã^Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at pergamentum.com Mon Jun 6 20:46:44 2005 From: ard at pergamentum.com (Alisdair Davey) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 2005-06-06 at 13:39, Jeff A. Earickson wrote: > On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: > > > Date: Mon, 6 Jun 2005 20:16:32 +0100 > > From: "Michele Neylon :: Blacknight Solutions" > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: who is using require_rdns.m4? > > > > I'd love to do something with this, but I wouldn't like to drop the mail > > entirely, as I know that there would be a silly amount of valid mail dropped > > if I did. > > I installed require_rdns.m4 into my sendmail config this morning, and I've > been watching it closely today. In approx 6 hours, I've rejected (500 error) > nearly 2200 emails, with another 1080 tempfails (400 error) for not resolving > or A/PTR record mismatches. I've warned our helpdesk about what I did and > why, and I'm waiting for the yelling to begin. So far, silence. The bulk > of rejections are from APNIC numbers. I love watching spammers fail. > > > > > How does it handle shared IPs? > > I've seen machines with multiple NICs and IPs, but never heard of two machines > sharing the same IP. Hunh? I think he is referring to the situation where multiple domain names resolve to the same ip, but the ip can only resolve to one name. I would have thought this is quite common especially among ISPs. Cheers Alisdair > > I was reading somewhere that the reverse and forward records have to match, > > which would cause issues in some instances > > No reverse DNS = fatal 500 error. Resolution failures or A/PTR mismatch > are 400 tempfail errors. In googling on require_rdns.m4, there is some > opinion that A/PTR mismatches should be a 500 error too. I would agree, > but I'm presently giving mismatches a tempfail error instead. > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-406-581-6869 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:50:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adri Koppes wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Rakesh >>Sent: 06 June, 2005 08:04 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Generic spam plug-in >> >> >>Dhawal Doshy wrote: >> >> >> >>>Hi, >>> >>>Julian Field wrote: >>> >>> >>> >>>>If I write you folks a generic way of adding in a spam-processing >>>>plugin, how would you like it to work? >>>>A command-line or a function call? >>>>How do you want the envelope data? (client ip, sender, recipients) >>>> >>>>Returns a spam yes/no flag, or a score to add to SpamAssassin? >>>>Or a yes/no flag with a configurable score in MailScanner.conf? >>>> >>>>How do you actually want this interface to work? >>>> >>>> >>>> >>>Command lines sound easier compared to functions for a >>> >>> >>non-programmer >> >> >>>like me. >>> >>> >>> >> >> >> >> >>>Situation one (as already proposed by Julian) >>>============= >>>The 3rd party engine outputs SPAM / NOTSPAM, in which case use the >>>following flags >>>a. NO (surely not spam) >>>b. YES (surely spam) >>>c. SKIPPED (if no output is found) >>> >>>Situation two >>>============= >>>The 3rd party engine outputs a %age or a number (say -100 to +100) >>>then the input filter will watch for a number and based on >>> >>> >>that give >> >> >>>the following flag >>>a. NO (surely not spam) >>>b. MOSTLY_NO (mostly not spam) >>>c. MOSTLY_YES (probably spam) >>>d. YES (surely spam) >>>e. SKIPPED (if no number is found) >>> >>>Flag Action: (again as recommended by Julian) >>>The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a >>>configurable score in MailScanner.conf seem most flexible to me. >>> >>> >>> >>I agree with Dhawal on the Scoring mechanism of the plugin, >>which should >>be configurable in MailScanner.conf , however I feel that it should be >>invoked using function call instead of command line. A function call >>would be efficient in terms of processesing and since this plugin is >>going to be called from with in MailScanner, I think we need >>not bother >>much on its command line version. >> >>Rakesh >> >> > >I agree a function call might be more efficient, but since this is supposed to be a generic plug-in, I think we should always have to option to use a command line version and process the output via a pipe, exit code or temporary file. >Using a function call would make the generic plug-in less generic, since you can then only use it for external programs which have a perl interface! > > If I provide it as a function call, I'm sure you are capable of writing a little bit of code to call an external program :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSo6RH2WUcUFbZUEQKRhwCeLoW3/O9f6qeIY8f8s/gNN096sfUAoLUm F9RJInMUdDc2I7Ai9TinPLUe =/9X4 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 20:37:48 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: > I'd love to do something with this, but I wouldn't like to drop the mail > entirely, as I know that there would be a silly amount of valid mail dropped > if I did. > > How does it handle shared IPs? > I was reading somewhere that the reverse and forward records have to match, > which would cause issues in some instances If only there was a SpamAssassin plugin for a plain no rdns lookup. At least I couldn't find one. They all seem to deal with forged headers of some kind. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:52:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adri Koppes wrote: >>Hi, >> >>Adri Koppes schrieb: >> >> >>>I agree a function call might be more efficient, but since this is >>>supposed to be a generic plug-in, I think we should always have to >>>option to use a command line version and process the output via a >>>pipe, exit code or temporary file. >>> >>> >>>Using a function call would make the generic plug-in less generic, >>>since you can then only use it for external programs which have a >>>perl interface! >>> >>> >>It is extreamly easy writing a very small perl function that does a >>'system' call to execute a command line script. >> >>-- >>Felix >> >> > >Sure it's not to difficult to do a 'system' call. >It gets a little more complicated when you have to add timeouts, setting up the pipe, processing the output etc. >I wouldn't have too many problems, but I think there are many people who are using MailScanner without having knowing how to write a perl script. > > I was going to do all the timeout stuff for you anyway. Even if it's a function call, it will still need a timeout wrapper. And I can probably come up with some example code that uses an external program for you. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSpcRH2WUcUFbZUEQJQRgCdGbFYr6puRcePB9tjwwvrIjtm3gwAn1cw 7U11ZC/tj1xwpXItjHdaQyDm =8BJ0 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:54:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for confirming that, it's what I expected. For some reason someone at work is getting {Disarmed} {Spam?}. The only thing I can think is that the {Spam?} and {Disarmed} tags are being added by different servers (which is quite possible with my setup). Jeff A. Earickson wrote: > Julian, > > With 4.43.2, I am getting > > Subject: {Spam?} {Disarmed} blah blah > > Looks good to me. > > Jeff Earickson > Colby College > > On Sun, 5 Jun 2005, Julian Field wrote: > >> Date: Sun, 5 Jun 2005 18:45:38 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Spam then Disarmed or Disarmed then Spam? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Which order are you getting your Subject line tags in? They should have >> Spam on the front, followed by Disarmed (if it applied, obviously). >> Which order are you getting them in? >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.1 (Build 2185) >> >> iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC >> wy4ESasWItMi8akGtnOi15Fs >> =g3DU >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSp3BH2WUcUFbZUEQJ+2QCgpnoYzutpp5UCYtN3pBn6yKYCACkAoO5s MYnhF1jQ4OHKA9Hr+52jFNTl =+OBI -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 21:05:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Current thoughts are a function call (with timeout wrapper). It gets passed the smtp client ip, the sender and the list of recipients, and a ref to an array of lines holding the entire message. The function simply returns a number which is added to the spam score along with the SpamAssassin score. You can replace SpamAssassin completely by just using the generic wrapper and setting "Use SpamAssassin = no". If the timeout happens, the score contribution is just 0. I should also provide some sample code which calls an external program to produce the result score. My code will probably just output smtp client ip address (IPv4 or IPv6) sender address recipient address next recipient address... blank line message contents It will expect one line of input which will either be the return code from the program or the contents of the 1 line of output it produces which should be a number. I'll provide samples for both, up to you which you use. MailScanner.conf controls should be Use Custom Spam Detector = yes/no Custom Spam Detector Function = That should be all you need. What do you think? Dennis Willson wrote: > If I could only have one I would prefer command-line. However couldn't > there be a flag to indicate which mode a filter uses? > Also I'm hoping that multiple plug-ins are allowed... I want to write > one and I may find that billy-bob wrote one I would like to include as > well. > I also would prefer a score, That's the most flexible... If I want > pass/fail I just make it always return a super high score. > > THANKS!! > > > Julian Field wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>If I write you folks a generic way of adding in a spam-processing >>plugin, how would you like it to work? >>A command-line or a function call? >>How do you want the envelope data? (client ip, sender, recipients) >> >>Returns a spam yes/no flag, or a score to add to SpamAssassin? >>Or a yes/no flag with a configurable score in MailScanner.conf? >> >>How do you actually want this interface to work? >> >>P.S. Do my PGP-signed list postings look okay? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqHsfhH2WUcUFbZUEQKwFQCfWsqhGU1ygJCbIpArZKL7ZcugOVYAn3RC >>dMdSQsxMGcrL51Ei8fikXSaM >>=a9hr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > -- > ------------------------------------------------------------------------ > */Dennis Willson/* > taz@taz-mania.com > taz@scubatech.org > > www.taz-mania.com > > Ham: KA6LSW > GMRS: WPSJ953 > SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, > Equip, Altitude > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSsoRH2WUcUFbZUEQKyiwCgn2vDRab/O4Xhe2sOMxydr+Rlf5sAoIkx ZuXAewbiwgkyVRJU7QMRJdaH =e1fj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Mon Jun 6 22:09:16 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:55 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, my sincere apologies if this is a dead horse that is about to receive another beating, but I have looked through the email archives and my friends at Google were also not able to shed some light on my problem, so I finally thought I would turn to the experts. I will be happy to work with the powers that be to add this to the new Wiki, because I am sure somebody else has wondered the same thing. Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Mon Jun 6 22:43:34 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:55 2006 Subject: Scanning Encapsulated Messages ? Message-ID: I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messages in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 22:47:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:55 2006 Subject: SV: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Indeed. And MS is not alone in this type of behaviour. It's when the parent _never_ reaps the defuncts that one should stop and pay attention... Like with the crummy AIX snmpd thing that I've got missbehaving ATM...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Julian Field Skickat: må 2005-06-06 21:44 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: Latest Stable MailScanner -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >Från: MailScanner mailing list genom Michael H. Martel >Skickat: må 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 22:59:30 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:55 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Here is the problem: > We have some clients that continually receive winmail.dat files. > Obviously, it be best if winmail.dat would just go away, but > unfortunately that is not that case ;) What we would like to do, is to > setup the MailScanner so that when the mail is processed it will go > ahead and unpack the winmail.dat file, extract the actual attachment, > scan it for viruses, and the re-attach that to the original email, thus > discarding the original winmail.dat file. Thus the client does not have > to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. > > I looked through the MailScanner.conf and studied the TNEF settings, but > my understanding of them is that they unpack the winmail.dat so that the > file(s) can be scanned, then just sends the original email on it way > with the winmail.dat still attached. I am just hoping to take this one > step further. > > We are currently running MailScanner 4.41.3 on Fedora Core 3. > > Can this be accomplished through MailScanner, or should I even dive down > into setting up a sendmail filter? I am open to any and all suggestions. > Thanks for your help! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Jun 6 23:01:42 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:55 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've currently got spam messages storing as queueu files so that they can be sent in case of a false/positive. I occasionally have file attachments that are named funny and need to be sent to the original recipient. Is there any way to have those stored as queue files as well? As it is, the file is just stored in a directory by the name of the message id and i have to copy it to the local webserver for download. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 23:06:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:55 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > I've currently got spam messages storing as queueu files so that they can > be sent in case of a false/positive. > > I occasionally have file attachments that are named funny and need to be > sent to the original recipient. Is there any way to have those stored as > queue files as well? As it is, the file is just stored in a directory by > the name of the message id and i have to copy it to the local webserver > for download. > Which MTA? If it's sendmail you don't need to worry about the attachments as the the other files look after it for you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 23:27:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> Here is the problem: >> We have some clients that continually receive winmail.dat files. >> Obviously, it be best if winmail.dat would just go away, but >> unfortunately that is not that case ;) What we would like to do, is to >> setup the MailScanner so that when the mail is processed it will go >> ahead and unpack the winmail.dat file, extract the actual attachment, >> scan it for viruses, and the re-attach that to the original email, >> thus discarding the original winmail.dat file. Thus the client does >> not have to bothered with the winmail.dat file. > > > Winmail.dat does not always mean that there is an attachment. It means > that some one who has incorrectly configured their exchange server has > allowed the iused of the Microsoft Rich Text for external emails and the > formatting data is contained in the winmail.dat, not attachments. > > Formatting data like outlook stationery, and horizontal rules and other > formatting data. > > You can safely delete them, but do it with a warning to the folks > running exchange. > > If the email had an attachment and was send from an incorrectly > configured exvchange environment you wouild see 2 attachments, not the > winmail.dat containing the 2nd attachment. > >> >> I looked through the MailScanner.conf and studied the TNEF settings, >> but my understanding of them is that they unpack the winmail.dat so >> that the file(s) can be scanned, then just sends the original email on >> it way with the winmail.dat still attached. I am just hoping to take >> this one step further. >> >> We are currently running MailScanner 4.41.3 on Fedora Core 3. >> >> Can this be accomplished through MailScanner, or should I even dive >> down into setting up a sendmail filter? I am open to any and all >> suggestions. >> Thanks for your help! >> > I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon Jun 6 23:56:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Something very odd is happening and im a little concerned and im turning to the boards here for some help. I have a mailgateway running here and so far, it has been perfect. All of the sudden, im seeing odd stuff from monster.com and yahoo.com. Here is a snip: Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: from=, size=1333, class=0, nrcpts=1, msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: to=, delay=00:00:01, mailer=esmtp, pri=31333, stat=queued Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 messages, 1899 bytes Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: Starting Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud from 205.138.199.146 in j56Mlt20034390 Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and have disarmed HTML message in j56Mlt20034390 from support@monster.com Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: to=, delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted for delivery) I'm looking at this and it almost seems as if im an open relay!! Ok...great. here is my setup MS: 4-41.3 sendmail: 8.12.11 If I am an open relay, anyone here that can help me out. Email me at liquid.proxy@gmail.com while I determine what the hell is going on. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:00:10 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ran a few quick open-relay tests and I am denying them. Either I am way too tired and im missing something blatantly obvious, or im just over-reacting. I appreciate the help. Jason Jason Williams wrote: > Something very odd is happening and im a little concerned and im > turning to the boards here for some help. > > I have a mailgateway running here and so far, it has been perfect. All > of the sudden, im seeing odd stuff from monster.com and yahoo.com. > > Here is a snip: > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > from=, size=1333, class=0, nrcpts=1, > msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > to=, delay=00:00:01, mailer=esmtp, pri=31333, > stat=queued > Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 > messages, 1899 bytes > Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting > Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: > Starting > Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud > from 205.138.199.146 in j56Mlt20034390 > Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and > have disarmed HTML message in j56Mlt20034390 from support@monster.com > Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages > Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: > to=, delay=00:00:07, xdelay=00:00:02, > mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. > [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted > for delivery) > > I'm looking at this and it almost seems as if im an open relay!! > > Ok...great. > > here is my setup > > MS: 4-41.3 > sendmail: 8.12.11 > > If I am an open relay, anyone here that can help me out. Email me at > liquid.proxy@gmail.com while I determine what the hell is going on. > > Thanks > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:09:32 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alright. Some additional information. This one just came in: Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: from=, size=1380, class=0, nrcpts=1, msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: to=, delay=00:00:00, mailer=esmtp, pri=31380, stat=queued Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 messages, 1964 bytes Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: Starting Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud from 205.138.199.146 in j56MwKQx036205 Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and have disarmed HTML message in j56MwKQx036205 from service@24hourfitness.com Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: to=, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. [64.18.6.10], dsn=5.1.1, stat=User unknown Uh, i'm really confused as to what is going on here. Why is it coming into my gateway and my gateway turnin around and relaying it? I just checked with www.ordb.org, ran their test as well as www.abuse.net to ensure I wasn't a open relay and i passed with flying colors. I'm confused right now. Anyone have any idea? Im annoyed but concerned right now. I appreciate it. Jason Jason Williams wrote: > I ran a few quick open-relay tests and I am denying them. > Either I am way too tired and im missing something blatantly obvious, > or im just over-reacting. > > I appreciate the help. > > Jason > > Jason Williams wrote: > >> Something very odd is happening and im a little concerned and im >> turning to the boards here for some help. >> >> I have a mailgateway running here and so far, it has been perfect. >> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >> >> Here is a snip: >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> from=, size=1333, class=0, nrcpts=1, >> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> to=, delay=00:00:01, mailer=esmtp, pri=31333, >> stat=queued >> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >> messages, 1899 bytes >> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >> Starting >> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >> fraud from 205.138.199.146 in j56Mlt20034390 >> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and >> have disarmed HTML message in j56Mlt20034390 from support@monster.com >> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >> messages >> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >> to=, delay=00:00:07, xdelay=00:00:02, >> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >> accepted for delivery) >> >> I'm looking at this and it almost seems as if im an open relay!! >> >> Ok...great. >> >> here is my setup >> >> MS: 4-41.3 >> sendmail: 8.12.11 >> >> If I am an open relay, anyone here that can help me out. Email me >> at liquid.proxy@gmail.com while I determine what the hell is going on. >> >> Thanks >> >> Jason >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jun 7 00:12:31 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] you should examine the email headers, not just the syslog. cheers raylund Jason Williams wrote: > Alright. Some additional information. This one just came in: > > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > from=, size=1380, class=0, nrcpts=1, > msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > to=, delay=00:00:00, mailer=esmtp, pri=31380, > stat=queued > Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 > messages, 1964 bytes > Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting > Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: > Starting > Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud > from 205.138.199.146 in j56MwKQx036205 > Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and > have disarmed HTML message in j56MwKQx036205 from > service@24hourfitness.com > Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages > Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: > to=, delay=00:00:03, xdelay=00:00:00, > mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. > [64.18.6.10], dsn=5.1.1, stat=User unknown > > Uh, i'm really confused as to what is going on here. Why is it coming > into my gateway and my gateway turnin around and relaying it? > I just checked with www.ordb.org, ran their test as well as > www.abuse.net to ensure I wasn't a open relay and i passed with flying > colors. > > I'm confused right now. > > Anyone have any idea? Im annoyed but concerned right now. > > I appreciate it. > > Jason > > Jason Williams wrote: > >> I ran a few quick open-relay tests and I am denying them. >> Either I am way too tired and im missing something blatantly obvious, >> or im just over-reacting. >> >> I appreciate the help. >> >> Jason >> >> Jason Williams wrote: >> >>> Something very odd is happening and im a little concerned and im >>> turning to the boards here for some help. >>> >>> I have a mailgateway running here and so far, it has been perfect. >>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>> >>> Here is a snip: >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> from=, size=1333, class=0, nrcpts=1, >>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>> [xxx.xxx.xx.xx] >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>> stat=queued >>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>> messages, 1899 bytes >>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >>> Starting >>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>> fraud from 205.138.199.146 in j56Mlt20034390 >>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>> and have disarmed HTML message in j56Mlt20034390 from >>> support@monster.com >>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>> messages >>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>> to=, delay=00:00:07, xdelay=00:00:02, >>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>> accepted for delivery) >>> >>> I'm looking at this and it almost seems as if im an open relay!! >>> >>> Ok...great. >>> >>> here is my setup >>> >>> MS: 4-41.3 >>> sendmail: 8.12.11 >>> >>> If I am an open relay, anyone here that can help me out. Email me >>> at liquid.proxy@gmail.com while I determine what the hell is going >>> on. >>> >>> Thanks >>> >>> Jason >>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:17:17 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I figured it out. This should be interesting. I think one of my users here put something on their computer and it was sending mail out. *SIGH* Raylund Lai wrote: > you should examine the email headers, not just the syslog. > > cheers > raylund > > Jason Williams wrote: > >> Alright. Some additional information. This one just came in: >> >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> from=, size=1380, class=0, nrcpts=1, >> msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> to=, delay=00:00:00, mailer=esmtp, pri=31380, >> stat=queued >> Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 >> messages, 1964 bytes >> Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting >> Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: >> Starting >> Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing >> fraud from 205.138.199.146 in j56MwKQx036205 >> Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and >> have disarmed HTML message in j56MwKQx036205 from >> service@24hourfitness.com >> Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 >> messages >> Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: >> to=, delay=00:00:03, xdelay=00:00:00, >> mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. >> [64.18.6.10], dsn=5.1.1, stat=User unknown >> >> Uh, i'm really confused as to what is going on here. Why is it coming >> into my gateway and my gateway turnin around and relaying it? >> I just checked with www.ordb.org, ran their test as well as >> www.abuse.net to ensure I wasn't a open relay and i passed with >> flying colors. >> >> I'm confused right now. >> >> Anyone have any idea? Im annoyed but concerned right now. >> >> I appreciate it. >> >> Jason >> >> Jason Williams wrote: >> >>> I ran a few quick open-relay tests and I am denying them. >>> Either I am way too tired and im missing something blatantly >>> obvious, or im just over-reacting. >>> >>> I appreciate the help. >>> >>> Jason >>> >>> Jason Williams wrote: >>> >>>> Something very odd is happening and im a little concerned and im >>>> turning to the boards here for some help. >>>> >>>> I have a mailgateway running here and so far, it has been perfect. >>>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>>> >>>> Here is a snip: >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> from=, size=1333, class=0, nrcpts=1, >>>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>>> [xxx.xxx.xx.xx] >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>>> stat=queued >>>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>>> messages, 1899 bytes >>>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content >>>> Scanning: Starting >>>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>>> fraud from 205.138.199.146 in j56Mlt20034390 >>>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>>> and have disarmed HTML message in j56Mlt20034390 from >>>> support@monster.com >>>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>>> messages >>>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>>> to=, delay=00:00:07, xdelay=00:00:02, >>>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>>> accepted for delivery) >>>> >>>> I'm looking at this and it almost seems as if im an open relay!! >>>> >>>> Ok...great. >>>> >>>> here is my setup >>>> >>>> MS: 4-41.3 >>>> sendmail: 8.12.11 >>>> >>>> If I am an open relay, anyone here that can help me out. Email me >>>> at liquid.proxy@gmail.com while I determine what the hell is >>>> going on. >>>> >>>> Thanks >>>> >>>> Jason >>>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:17:14 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've seen quite a few of these in the logs since late last week... Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of Service attack detected! Can anyone shed some light? Something I should be concerned about? TIA! Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 00:36:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > I've seen quite a few of these in the logs since late last week... > > Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed > out! > Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of > Service attack detected! > > Can anyone shed some light? Something I should be concerned about? What version of clamAV are you using? > > TIA! > > Ken Goods > Network Administrator > AIA Insurance, Inc. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:59:12 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> I've seen quite a few of these in the logs since late last week... >> >> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >> Scanning: Denial Of Service attack detected! >> >> Can anyone shed some light? Something I should be concerned about? > > What version of clamAV are you using? > MailScanner 4.40.11 ClamAV 0.83 Spamassassin 3.0.2 I know they are a little dated but would that cause the above messages? Thanks, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 02:17:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I've seen quite a few of these in the logs since late last week... >>> >>>Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >>>Scanning: Denial Of Service attack detected! >>> >>>Can anyone shed some light? Something I should be concerned about? >> >>What version of clamAV are you using? >> > > > MailScanner 4.40.11 > ClamAV 0.83 > Spamassassin 3.0.2 > > I know they are a little dated but would that cause the above messages? > Possibly for ClamAV. You should upgrade to 0.85.1. > Thanks, > Ken > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Jun 7 08:02:31 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason, I had a similar situation just last week. It had to do with some kind of setup on a user's Thunderbird. A friend of this user told him how to set up Thunderbird to act as a relay for a different domain than ours, and for some reason, because it was being done from our IPs, sendmail would go merrily along and send it, even though it wasn't supposed to. I never did find out what the user had done to make this happen, and he wasn't savvy enough to be able to tell me. My only option I could think of before I found out what was happening, was to block the domain in MS, and the user finally called and complained. Quoting Jason Williams : > I think I figured it out. > This should be interesting. I think one of my users here put something > on their computer and it was sending mail out. > *SIGH* > > > I don't use Thunderbird yet, so if you find out what and how, I would like to know how your user did it. Thanks Steve Campbell ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Tue Jun 7 08:14:58 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: > I had a similar situation just last week. It had to do with some kind of setup > on a user's Thunderbird. A friend of this user told him how to set up > Thunderbird to act as a relay for a different domain than ours, and for some > reason, because it was being done from our IPs, sendmail would go merrily along > and send it, even though it wasn't supposed to. In my opinion each domain (company) should take care that only well known mailservers in their domain should be able to take the role of a relay mailserver (eg controlled by firewall). This will prevent many virus/spam distributions Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Mon Jun 6 22:09:16 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, my sincere apologies if this is a dead horse that is about to receive another beating, but I have looked through the email archives and my friends at Google were also not able to shed some light on my problem, so I finally thought I would turn to the experts. I will be happy to work with the powers that be to add this to the new Wiki, because I am sure somebody else has wondered the same thing. Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Mon Jun 6 22:43:34 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:56 2006 Subject: Scanning Encapsulated Messages ? Message-ID: I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messages in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 22:47:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:56 2006 Subject: SV: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Indeed. And MS is not alone in this type of behaviour. It's when the parent _never_ reaps the defuncts that one should stop and pay attention... Like with the crummy AIX snmpd thing that I've got missbehaving ATM...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Julian Field Skickat: må 2005-06-06 21:44 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: Latest Stable MailScanner -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >Från: MailScanner mailing list genom Michael H. Martel >Skickat: må 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 22:59:30 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Here is the problem: > We have some clients that continually receive winmail.dat files. > Obviously, it be best if winmail.dat would just go away, but > unfortunately that is not that case ;) What we would like to do, is to > setup the MailScanner so that when the mail is processed it will go > ahead and unpack the winmail.dat file, extract the actual attachment, > scan it for viruses, and the re-attach that to the original email, thus > discarding the original winmail.dat file. Thus the client does not have > to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. > > I looked through the MailScanner.conf and studied the TNEF settings, but > my understanding of them is that they unpack the winmail.dat so that the > file(s) can be scanned, then just sends the original email on it way > with the winmail.dat still attached. I am just hoping to take this one > step further. > > We are currently running MailScanner 4.41.3 on Fedora Core 3. > > Can this be accomplished through MailScanner, or should I even dive down > into setting up a sendmail filter? I am open to any and all suggestions. > Thanks for your help! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Jun 6 23:01:42 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:56 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've currently got spam messages storing as queueu files so that they can be sent in case of a false/positive. I occasionally have file attachments that are named funny and need to be sent to the original recipient. Is there any way to have those stored as queue files as well? As it is, the file is just stored in a directory by the name of the message id and i have to copy it to the local webserver for download. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 23:06:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:56 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > I've currently got spam messages storing as queueu files so that they can > be sent in case of a false/positive. > > I occasionally have file attachments that are named funny and need to be > sent to the original recipient. Is there any way to have those stored as > queue files as well? As it is, the file is just stored in a directory by > the name of the message id and i have to copy it to the local webserver > for download. > Which MTA? If it's sendmail you don't need to worry about the attachments as the the other files look after it for you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 23:27:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> Here is the problem: >> We have some clients that continually receive winmail.dat files. >> Obviously, it be best if winmail.dat would just go away, but >> unfortunately that is not that case ;) What we would like to do, is to >> setup the MailScanner so that when the mail is processed it will go >> ahead and unpack the winmail.dat file, extract the actual attachment, >> scan it for viruses, and the re-attach that to the original email, >> thus discarding the original winmail.dat file. Thus the client does >> not have to bothered with the winmail.dat file. > > > Winmail.dat does not always mean that there is an attachment. It means > that some one who has incorrectly configured their exchange server has > allowed the iused of the Microsoft Rich Text for external emails and the > formatting data is contained in the winmail.dat, not attachments. > > Formatting data like outlook stationery, and horizontal rules and other > formatting data. > > You can safely delete them, but do it with a warning to the folks > running exchange. > > If the email had an attachment and was send from an incorrectly > configured exvchange environment you wouild see 2 attachments, not the > winmail.dat containing the 2nd attachment. > >> >> I looked through the MailScanner.conf and studied the TNEF settings, >> but my understanding of them is that they unpack the winmail.dat so >> that the file(s) can be scanned, then just sends the original email on >> it way with the winmail.dat still attached. I am just hoping to take >> this one step further. >> >> We are currently running MailScanner 4.41.3 on Fedora Core 3. >> >> Can this be accomplished through MailScanner, or should I even dive >> down into setting up a sendmail filter? I am open to any and all >> suggestions. >> Thanks for your help! >> > I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon Jun 6 23:56:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Something very odd is happening and im a little concerned and im turning to the boards here for some help. I have a mailgateway running here and so far, it has been perfect. All of the sudden, im seeing odd stuff from monster.com and yahoo.com. Here is a snip: Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: from=, size=1333, class=0, nrcpts=1, msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: to=, delay=00:00:01, mailer=esmtp, pri=31333, stat=queued Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 messages, 1899 bytes Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: Starting Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud from 205.138.199.146 in j56Mlt20034390 Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and have disarmed HTML message in j56Mlt20034390 from support@monster.com Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: to=, delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted for delivery) I'm looking at this and it almost seems as if im an open relay!! Ok...great. here is my setup MS: 4-41.3 sendmail: 8.12.11 If I am an open relay, anyone here that can help me out. Email me at liquid.proxy@gmail.com while I determine what the hell is going on. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:00:10 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ran a few quick open-relay tests and I am denying them. Either I am way too tired and im missing something blatantly obvious, or im just over-reacting. I appreciate the help. Jason Jason Williams wrote: > Something very odd is happening and im a little concerned and im > turning to the boards here for some help. > > I have a mailgateway running here and so far, it has been perfect. All > of the sudden, im seeing odd stuff from monster.com and yahoo.com. > > Here is a snip: > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > from=, size=1333, class=0, nrcpts=1, > msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > to=, delay=00:00:01, mailer=esmtp, pri=31333, > stat=queued > Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 > messages, 1899 bytes > Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting > Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: > Starting > Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud > from 205.138.199.146 in j56Mlt20034390 > Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and > have disarmed HTML message in j56Mlt20034390 from support@monster.com > Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages > Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: > to=, delay=00:00:07, xdelay=00:00:02, > mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. > [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted > for delivery) > > I'm looking at this and it almost seems as if im an open relay!! > > Ok...great. > > here is my setup > > MS: 4-41.3 > sendmail: 8.12.11 > > If I am an open relay, anyone here that can help me out. Email me at > liquid.proxy@gmail.com while I determine what the hell is going on. > > Thanks > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:09:32 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alright. Some additional information. This one just came in: Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: from=, size=1380, class=0, nrcpts=1, msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: to=, delay=00:00:00, mailer=esmtp, pri=31380, stat=queued Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 messages, 1964 bytes Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: Starting Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud from 205.138.199.146 in j56MwKQx036205 Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and have disarmed HTML message in j56MwKQx036205 from service@24hourfitness.com Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: to=, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. [64.18.6.10], dsn=5.1.1, stat=User unknown Uh, i'm really confused as to what is going on here. Why is it coming into my gateway and my gateway turnin around and relaying it? I just checked with www.ordb.org, ran their test as well as www.abuse.net to ensure I wasn't a open relay and i passed with flying colors. I'm confused right now. Anyone have any idea? Im annoyed but concerned right now. I appreciate it. Jason Jason Williams wrote: > I ran a few quick open-relay tests and I am denying them. > Either I am way too tired and im missing something blatantly obvious, > or im just over-reacting. > > I appreciate the help. > > Jason > > Jason Williams wrote: > >> Something very odd is happening and im a little concerned and im >> turning to the boards here for some help. >> >> I have a mailgateway running here and so far, it has been perfect. >> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >> >> Here is a snip: >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> from=, size=1333, class=0, nrcpts=1, >> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> to=, delay=00:00:01, mailer=esmtp, pri=31333, >> stat=queued >> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >> messages, 1899 bytes >> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >> Starting >> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >> fraud from 205.138.199.146 in j56Mlt20034390 >> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and >> have disarmed HTML message in j56Mlt20034390 from support@monster.com >> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >> messages >> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >> to=, delay=00:00:07, xdelay=00:00:02, >> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >> accepted for delivery) >> >> I'm looking at this and it almost seems as if im an open relay!! >> >> Ok...great. >> >> here is my setup >> >> MS: 4-41.3 >> sendmail: 8.12.11 >> >> If I am an open relay, anyone here that can help me out. Email me >> at liquid.proxy@gmail.com while I determine what the hell is going on. >> >> Thanks >> >> Jason >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jun 7 00:12:31 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] you should examine the email headers, not just the syslog. cheers raylund Jason Williams wrote: > Alright. Some additional information. This one just came in: > > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > from=, size=1380, class=0, nrcpts=1, > msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > to=, delay=00:00:00, mailer=esmtp, pri=31380, > stat=queued > Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 > messages, 1964 bytes > Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting > Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: > Starting > Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud > from 205.138.199.146 in j56MwKQx036205 > Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and > have disarmed HTML message in j56MwKQx036205 from > service@24hourfitness.com > Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages > Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: > to=, delay=00:00:03, xdelay=00:00:00, > mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. > [64.18.6.10], dsn=5.1.1, stat=User unknown > > Uh, i'm really confused as to what is going on here. Why is it coming > into my gateway and my gateway turnin around and relaying it? > I just checked with www.ordb.org, ran their test as well as > www.abuse.net to ensure I wasn't a open relay and i passed with flying > colors. > > I'm confused right now. > > Anyone have any idea? Im annoyed but concerned right now. > > I appreciate it. > > Jason > > Jason Williams wrote: > >> I ran a few quick open-relay tests and I am denying them. >> Either I am way too tired and im missing something blatantly obvious, >> or im just over-reacting. >> >> I appreciate the help. >> >> Jason >> >> Jason Williams wrote: >> >>> Something very odd is happening and im a little concerned and im >>> turning to the boards here for some help. >>> >>> I have a mailgateway running here and so far, it has been perfect. >>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>> >>> Here is a snip: >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> from=, size=1333, class=0, nrcpts=1, >>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>> [xxx.xxx.xx.xx] >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>> stat=queued >>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>> messages, 1899 bytes >>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >>> Starting >>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>> fraud from 205.138.199.146 in j56Mlt20034390 >>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>> and have disarmed HTML message in j56Mlt20034390 from >>> support@monster.com >>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>> messages >>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>> to=, delay=00:00:07, xdelay=00:00:02, >>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>> accepted for delivery) >>> >>> I'm looking at this and it almost seems as if im an open relay!! >>> >>> Ok...great. >>> >>> here is my setup >>> >>> MS: 4-41.3 >>> sendmail: 8.12.11 >>> >>> If I am an open relay, anyone here that can help me out. Email me >>> at liquid.proxy@gmail.com while I determine what the hell is going >>> on. >>> >>> Thanks >>> >>> Jason >>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:17:17 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I figured it out. This should be interesting. I think one of my users here put something on their computer and it was sending mail out. *SIGH* Raylund Lai wrote: > you should examine the email headers, not just the syslog. > > cheers > raylund > > Jason Williams wrote: > >> Alright. Some additional information. This one just came in: >> >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> from=, size=1380, class=0, nrcpts=1, >> msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> to=, delay=00:00:00, mailer=esmtp, pri=31380, >> stat=queued >> Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 >> messages, 1964 bytes >> Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting >> Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: >> Starting >> Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing >> fraud from 205.138.199.146 in j56MwKQx036205 >> Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and >> have disarmed HTML message in j56MwKQx036205 from >> service@24hourfitness.com >> Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 >> messages >> Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: >> to=, delay=00:00:03, xdelay=00:00:00, >> mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. >> [64.18.6.10], dsn=5.1.1, stat=User unknown >> >> Uh, i'm really confused as to what is going on here. Why is it coming >> into my gateway and my gateway turnin around and relaying it? >> I just checked with www.ordb.org, ran their test as well as >> www.abuse.net to ensure I wasn't a open relay and i passed with >> flying colors. >> >> I'm confused right now. >> >> Anyone have any idea? Im annoyed but concerned right now. >> >> I appreciate it. >> >> Jason >> >> Jason Williams wrote: >> >>> I ran a few quick open-relay tests and I am denying them. >>> Either I am way too tired and im missing something blatantly >>> obvious, or im just over-reacting. >>> >>> I appreciate the help. >>> >>> Jason >>> >>> Jason Williams wrote: >>> >>>> Something very odd is happening and im a little concerned and im >>>> turning to the boards here for some help. >>>> >>>> I have a mailgateway running here and so far, it has been perfect. >>>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>>> >>>> Here is a snip: >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> from=, size=1333, class=0, nrcpts=1, >>>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>>> [xxx.xxx.xx.xx] >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>>> stat=queued >>>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>>> messages, 1899 bytes >>>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content >>>> Scanning: Starting >>>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>>> fraud from 205.138.199.146 in j56Mlt20034390 >>>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>>> and have disarmed HTML message in j56Mlt20034390 from >>>> support@monster.com >>>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>>> messages >>>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>>> to=, delay=00:00:07, xdelay=00:00:02, >>>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>>> accepted for delivery) >>>> >>>> I'm looking at this and it almost seems as if im an open relay!! >>>> >>>> Ok...great. >>>> >>>> here is my setup >>>> >>>> MS: 4-41.3 >>>> sendmail: 8.12.11 >>>> >>>> If I am an open relay, anyone here that can help me out. Email me >>>> at liquid.proxy@gmail.com while I determine what the hell is >>>> going on. >>>> >>>> Thanks >>>> >>>> Jason >>>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:17:14 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've seen quite a few of these in the logs since late last week... Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of Service attack detected! Can anyone shed some light? Something I should be concerned about? TIA! Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 00:36:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > I've seen quite a few of these in the logs since late last week... > > Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed > out! > Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of > Service attack detected! > > Can anyone shed some light? Something I should be concerned about? What version of clamAV are you using? > > TIA! > > Ken Goods > Network Administrator > AIA Insurance, Inc. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:59:12 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> I've seen quite a few of these in the logs since late last week... >> >> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >> Scanning: Denial Of Service attack detected! >> >> Can anyone shed some light? Something I should be concerned about? > > What version of clamAV are you using? > MailScanner 4.40.11 ClamAV 0.83 Spamassassin 3.0.2 I know they are a little dated but would that cause the above messages? Thanks, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 02:17:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I've seen quite a few of these in the logs since late last week... >>> >>>Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >>>Scanning: Denial Of Service attack detected! >>> >>>Can anyone shed some light? Something I should be concerned about? >> >>What version of clamAV are you using? >> > > > MailScanner 4.40.11 > ClamAV 0.83 > Spamassassin 3.0.2 > > I know they are a little dated but would that cause the above messages? > Possibly for ClamAV. You should upgrade to 0.85.1. > Thanks, > Ken > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Jun 7 08:02:31 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason, I had a similar situation just last week. It had to do with some kind of setup on a user's Thunderbird. A friend of this user told him how to set up Thunderbird to act as a relay for a different domain than ours, and for some reason, because it was being done from our IPs, sendmail would go merrily along and send it, even though it wasn't supposed to. I never did find out what the user had done to make this happen, and he wasn't savvy enough to be able to tell me. My only option I could think of before I found out what was happening, was to block the domain in MS, and the user finally called and complained. Quoting Jason Williams : > I think I figured it out. > This should be interesting. I think one of my users here put something > on their computer and it was sending mail out. > *SIGH* > > > I don't use Thunderbird yet, so if you find out what and how, I would like to know how your user did it. Thanks Steve Campbell ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Tue Jun 7 08:14:58 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: > I had a similar situation just last week. It had to do with some kind of setup > on a user's Thunderbird. A friend of this user told him how to set up > Thunderbird to act as a relay for a different domain than ours, and for some > reason, because it was being done from our IPs, sendmail would go merrily along > and send it, even though it wasn't supposed to. In my opinion each domain (company) should take care that only well known mailservers in their domain should be able to take the role of a relay mailserver (eg controlled by firewall). This will prevent many virus/spam distributions Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 09:20:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:56 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: Jules works fine for me with 4.42.9 as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Thanks for confirming that, it's what I expected. For some reason > someone at work is getting {Disarmed} {Spam?}. The only thing I can > think is that the {Spam?} and {Disarmed} tags are being added by > different servers (which is quite possible with my setup). > > Jeff A. Earickson wrote: > > >>Julian, >> >>With 4.43.2, I am getting >> >>Subject: {Spam?} {Disarmed} blah blah >> >>Looks good to me. >> >>Jeff Earickson >>Colby College >> >>On Sun, 5 Jun 2005, Julian Field wrote: >> >> >>>Date: Sun, 5 Jun 2005 18:45:38 +0100 >>>From: Julian Field >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Spam then Disarmed or Disarmed then Spam? >>> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>Which order are you getting your Subject line tags in? They should have >>>Spam on the front, followed by Disarmed (if it applied, obviously). >>>Which order are you getting them in? >>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.1 (Build 2185) >>> >>>iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC >>>wy4ESasWItMi8akGtnOi15Fs >>>=g3DU >>>-----END PGP SIGNATURE----- >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqSp3BH2WUcUFbZUEQJ+2QCgpnoYzutpp5UCYtN3pBn6yKYCACkAoO5s > MYnhF1jQ4OHKA9Hr+52jFNTl > =+OBI > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Jun 7 09:04:17 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:56 2006 Subject: Useful or not ? Message-ID: Hi! You could match the silent virus list to skip announcements then :) On Mon, 6 Jun 2005, Christiaan den Besten wrote: > You think? > > Then again. A simple cron could look for changes in > /var/spool/MailScanner/VirusSamples/ and notify you. But would you want to be > notified for every new version of Mytob.xxx ? > > bye, > Chris > >> It sounds like an interesting idea, but if it could alert you to them, >> apart >> from just putting it in the logs it would be more useful imho >> >> M >> >> >> >> Mr Michele Neylon >> Blacknight Internet Solutions Ltd >> Hosting, co-location & domains >> http://www.blacknight.ie/ >> Tel. +353 59 9137101 | Fax. +353 59 9146970 >> Tired of your current host? Save 15% when you move to us! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Jun 7 09:49:28 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > I have just upgraded. > > It all seemed to go smoothly. There were no obvious errors when I > restarted MailScanner, and it seems to be scanning and trapping as > normal. For once a "me too" is warranted... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue Jun 7 09:34:44 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:56 2006 Subject: Generic spam plug-in Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 06 June 2005 21:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Generic spam plug-in > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Current thoughts are a function call (with timeout wrapper). > It gets passed the smtp client ip, the sender and the list of > recipients, and a ref to an array of lines holding the entire > message. The function simply returns a number which is added > to the spam score along with the SpamAssassin score. You can > replace SpamAssassin completely by just using the generic > wrapper and setting "Use SpamAssassin = no". If the timeout > happens, the score contribution is just 0. > > I should also provide some sample code which calls an > external program to produce the result score. My code will > probably just output > > smtp client ip address (IPv4 or IPv6) > sender address > recipient address > next recipient address... > blank line > message contents > > It will expect one line of input which will either be the > return code from the program or the contents of the 1 line of > output it produces which should be a number. I'll provide > samples for both, up to you which you use. > > MailScanner.conf controls should be > Use Custom Spam Detector = yes/no > Custom Spam Detector Function = > > That should be all you need. > What do you think? > It becomes difficult to judge between the efficiency of various spam filters if all that comes out at the end is a single score. The default scores provided on SA rules are created using a learning algorithm to choose the most effective weights, and as such would arguably need to be re-calculated if you were going to add another score to it. If you develop as described above you will arguably have produced a SpamAssassin plugin rather than a MailScanner plugin. (the kind of plugin that would be really useful too :) ) I would imagine in mailscanner the architecture would be similar to the RBL checks, where one could have a separate ruleset for responses to messsages flagged by this external agent. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Jun 7 09:38:38 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: Hi, I have just upgraded. It all seemed to go smoothly. There were no obvious errors when I restarted MailScanner, and it seems to be scanning and trapping as normal. > All > I see 3.0.4 is out, anyone tried it with MS yet? > > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains several > important bug fixes and is highly recommended for use over previous > versions. > > SpamAssassin is a mail filter which uses advanced statistical and > heuristic tests to identify spam (also known as unsolicited bulk > email). > > Highlights of the release > ------------------------- > > - Certain invalid "Content-Type" headers would cause SpamAssassin to > incorrectly process parts of the message. > > - Certain long message headers could cause slowness when parsing the > > message. > > - Added in SURBL JP list. > > - URI anti-obfuscation updates. > > - Additional bug fixes. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 09:33:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: All I see 3.0.4 is out, anyone tried it with MS yet? SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains several important bug fixes and is highly recommended for use over previous versions. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights of the release ------------------------- - Certain invalid "Content-Type" headers would cause SpamAssassin to incorrectly process parts of the message. - Certain long message headers could cause slowness when parsing the message. - Added in SURBL JP list. - URI anti-obfuscation updates. - Additional bug fixes. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 09:54:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 -- Clam+SA package updated Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated the ClamAV + SpamAssassin package so it contains the new 3.0.4. You can download it from www.mailscanner.info as usual. On 7 Jun 2005, at 09:49, John Wilcock wrote: > Anthony Peacock wrote: > >> I have just upgraded. It all seemed to go smoothly. There were no >> obvious errors when I restarted MailScanner, and it seems to be >> scanning and trapping as normal. >> > > For once a "me too" is warranted... > > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqVg4xH2WUcUFbZUEQJrjACgjqA/aOV/GfhmJ8SIHZW1XfoWIPIAoPYT OF5Juk9uGj91jvLFQUecBg3P =tC3f -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Tue Jun 7 10:03:27 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:29:56 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey scribbled on 06 June 2005 20:47: > On Mon, 2005-06-06 at 13:39, Jeff A. Earickson wrote: >> On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: >> >>> Date: Mon, 6 Jun 2005 20:16:32 +0100 >>> From: "Michele Neylon :: Blacknight Solutions" >>> >>> I'd love to do something with this, but I wouldn't like to drop the >>> mail entirely, as I know that there would be a silly amount of >>> valid mail dropped if I did. >>> >>> How does it handle shared IPs? >> >> I've seen machines with multiple NICs and IPs, but never heard of >> two machines sharing the same IP. Hunh? > > I think he is referring to the situation where multiple domain names > resolve to the same ip, but the ip can only resolve to one name. I > would have thought this is quite common especially among ISPs. Filtering based on invalid reverse DNS is a _really bad_ idea IMHO. The situation described above will also happen where a company or individual hosts multiple domains on a standard ADSL service, as these often only have one IP address. How many potential customers do you want to loose by rejecting that first contact email? Our management would never allow it, and think what would happen to your job if you rejected an email that could have landed your company a £multi-million contract?!?! A much better way if you have to do something like this is to check that the sending email address actually exists at MTA level, before accepting the delivery. How to do this varies depending on the MTA, but has been discussed fairly recently if you search the archives. Rejecting mail for non-existent mailboxes also helps enormously, without annoying legitimate customers! Finally, before I get taken to task over this I'm sure that there will be occasional false positives generated by this configuration, but they will be far far fewer than would occur using reverse DNS lookups. And if the sender's MUA is that badly configured you'd not be able to respond to them anyway! Best Regards, Dan Harris Senior IT Systems Admin AAC Services Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 7 11:18:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:56 2006 Subject: who is using require_rdns.m4? Message-ID: >> >>> How does it handle shared IPs? >> >> I've seen machines with multiple NICs and IPs, but never heard of two >> machines sharing the same IP. Hunh? > > I think he is referring to the situation where multiple > domain names resolve to the same ip, but the ip can only > resolve to one name. I would have thought this is quite common > especially among ISPs. Cheers > Alisdair Alisdair - spot on - I am It would not be uncommon for there to be 300 domains on the one IP in a shared hosting environment Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jun 7 11:33:41 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:57 2006 Subject: 4.43.2-1 BETA has fixed MCP "Delete" action logging - Thanks! Message-ID: Julian Short note to confirm that 4.43.2-1 BETA has fixed the MCP "Delete" action logging bug that I reported. I am running this BETA release on one of our production MTAs and it seems to be OK. (Sendmail + 4.43.2-1 + SpamAssassin 3.0.2 + Sophos + McAfee + ClamAV) Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:49:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: filename expansion variable question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If it has stored the whole message it is correct to say "the entire message". It should have quarantine the whole thing. On 6 Jun 2005, at 04:44, Andrew wrote: > Hi Everyone, > > I am using the $filename expansion variable in the reports to > specify a > path to a 'stored virus' ... This works 99% of the time, however I > have > just noticed that some times the variable expands to the string "the > entire message" (instead of the actual filename). > > > I am running mailscanner version 4.28.6-1. I checked the changelog, > but could not find anything specific about this problem. Can anyone > tell me if it has been addressed? > > > Kind Regards, > Andrew. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV7wRH2WUcUFbZUEQJ2SQCgtH6Gf2YJKBEEzdDEEGs4yEH5dbwAnRlx BWHv2nlCU+RkedirpeF8HKEz =aNwg -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:52:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What virus scanner are you using? (And if it's Sophos or ClamAV then the module version or the command-line version?) On 6 Jun 2005, at 13:56, Richard Lynch wrote: > I upgraded to the latest stable over the weekend. The infection > messages in the syslog are now formatted like this... > > Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm > Infection: W32/Mytob.EK@mm > > Prior to the upgrade the messages are formatted like this... > > Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/ > incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm > > Note that the full path is missing. Unfortunately, I'm counting on > the old message format in order to tie an infected message back to > the sending site and targeted user. I'm using the message-id to do > that. This is used for reports which I send to customers. Is > there an easy way to return to the old message format? > > Richard Lynch > WVNET > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV8gBH2WUcUFbZUEQLYEACfd/LCqUTFV+Ih9lzhF/aW0nCnIk8Anikk xuO926M/XImn/vH2iDFUK8Ry =HfGx -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:56:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What version? Bcc or Cc or To is irrelevant, they are all just recipients. MailScanner doesn't use the headers. On 6 Jun 2005, at 15:57, Steffan Henke wrote: > On Sun, 29 May 2005, Julian Field wrote: > > >> Found and fixed. This is a bug I accidentally introduced recently >> as a >> result of another change someone wanted. I think I have found them >> all >> now. The scanning was working as intended, but the wrong header was >> being put in. >> > > Julian, > > right now, I noticed that an "X-MailScanner: Found to be clean" is > added > if a domain gets a "Bcc:" of an email, is that an expected behaviour ? > > Let's say the ruleset for scans looks like this: > > To: a.com yes > To: b.com yes > To: default no > > > Now I send an Email To: c.com with a Bcc: b.com . > The email to c.com isn't actually scanned, nonetheless the header > gets added. > > > > Regards, > > Steffan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV9axH2WUcUFbZUEQL89gCfeK+430fzI0O+kLZGTl0QbYqqfBIAn1oD nVV7C1qQ7CjAUGbKvXlUoa6K =01Q3 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Jun 7 12:02:44 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: Martin wrote: > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains > > Highlights of the release > ------------------------- > > - Added in SURBL JP list. Given it's now in the main release, we should be removing the rule from spam.assassin.prefs.conf yes? Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Tue Jun 7 12:28:41 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: On Tue, 7 Jun 2005, Julian Field wrote: > What version? This is 4.42.9-1. > Bcc or Cc or To is irrelevant, they are all just recipients. > MailScanner doesn't use the headers. That's what I thought, so I really don't see why that header is added to an outgoing mail. In addition, I had some problems whitelisting lately, especially from sans.org. Although I have From: *@sans.org yes in my spam.whitelist.rules, these emails are close to being marked as spam: From: The SANS Institute Subject: Internet Storm Center Threat Update, Desktop Security and Other SANS Webcasts in June Precedence: bulk Errors-To: Sender: X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=6.657, benoetigt 7, AWL -2.45, BAYES_99 3.50, DCC_CHECK 4.00, DIGEST_MULTIPLE 0.10, RAZOR2_CHECK 1.51) X-MailScanner-SpamScore: ssssss I am going to whitelist sans.org in the SpamAssassin conf as well, but I don't understand why the whitelisting for these particular mails is not applied. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue Jun 7 12:43:30 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Steffan Henke > >> Bcc or Cc or To is irrelevant, they are all just recipients. >> MailScanner doesn't use the headers. > >That's what I thought, so I really don't see why that header is added >to an outgoing mail. >In addition, I had some problems whitelisting lately, especially from >sans.org. Although I have > >From: *@sans.org yes > >in my spam.whitelist.rules, these emails are close to being marked as >spam: > >From: The SANS Institute What Julian is trying to say, is that MS only knows/looks at the ENVELOPE From (MAIL FROM:) and To (RCPT TO:). The From: that you state above (Webcast@sans.org) is NOT the ENVELOPE From. Check your MTA logs to see the ENVELOPE From, or add the X-MailScanner-Envelope-From: header (configure in MailScanner.conf). >Errors-To: >Sender: > >I am going to whitelist sans.org in the SpamAssassin conf as well, but I >don't understand why the whitelisting for these particular mails is not >applied. Presumably, you should whitelist: From: *@*.sans.org yes The ENVELOPE From is probably bounce@mailings.sans.org (from the mailings.sans.org domain, NOT sans.org). >Regards, > >Steffan Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hard2hold at gmail.com Tue Jun 7 12:52:43 2005 From: hard2hold at gmail.com (Hard Hold) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Saw that MailScanner now supports the panda virus scanner, so I thought I would try it out. I see the update scripts, but nowhere can I find out how to register the free version for updates. Been all over the panda site and google. Maybe I am blind, and it would not be the first time. Does anyone have the link to register the panda linux for updates? I am sorry for the off topic, but could not find anywhere else to turn. Thanks Rob ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jun 7 13:12:01 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stef Morrell > Sent: Tuesday, June 07, 2005 7:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA 3.0.4 > > Martin wrote: > > > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains > > > > Highlights of the release > > ------------------------- > > > > - Added in SURBL JP list. > > Given it's now in the main release, we should be removing the rule from > spam.assassin.prefs.conf yes? > > Stef Yes. The JP_* lines can bee removed. The score has been lowered a bit but I tend to trust the scores assigned by the SA folks until something changes my mind :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 13:34:26 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: Stephen I'm keeping a close eye on that score. Given the 'fun' the bayes scores where in 3.0.2 from the automatic score assignment I've started to view auto assigned scores with a heavy pinch of salt. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Stef Morrell >>Sent: Tuesday, June 07, 2005 7:03 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA 3.0.4 >> >>Martin wrote: >> >> >>>SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains >>> >>>Highlights of the release >>>------------------------- >>> >>> - Added in SURBL JP list. >> >>Given it's now in the main release, we should be removing the rule from >>spam.assassin.prefs.conf yes? >> >>Stef > > > Yes. The JP_* lines can bee removed. > > The score has been lowered a bit but I tend to trust the scores assigned by > the SA folks until something changes my mind :) > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Tue Jun 7 13:36:39 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >What virus scanner are you using? (And if it's Sophos or ClamAV then >the module version or the command-line version?) > > Sorry, I should have mentioned that I'm running F-Prot. I'm also running ClamAV in command line mode. The output from ClamAV does include the full path. -- Rich >On 6 Jun 2005, at 13:56, Richard Lynch wrote: > > > >>I upgraded to the latest stable over the weekend. The infection >>messages in the syslog are now formatted like this... >> >>Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm >>Infection: W32/Mytob.EK@mm >> >>Prior to the upgrade the messages are formatted like this... >> >>Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/ >>incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm >> >>Note that the full path is missing. Unfortunately, I'm counting on >>the old message format in order to tie an infected message back to >>the sending site and targeted user. I'm using the message-id to do >>that. This is used for reports which I send to customers. Is >>there an easy way to return to the old message format? >> >>Richard Lynch >>WVNET >> >> -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "rich.vcf") 13 lines. ] [ Unable to print this part. ] From campbell at cnpapers.com Tue Jun 7 13:41:13 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Beat, Beat Jucker wrote: >> I had a similar situation just last week. It had to do with some >> kind of setup on a user's Thunderbird. A friend of this user told >> him how to set up Thunderbird to act as a relay for a different >> domain than ours, and for some reason, because it was being done >> from our IPs, sendmail would go merrily along and send it, even >> though it wasn't supposed to. > > In my opinion each domain (company) should take care that only well > known mailservers in their domain should be able to take the role of > a relay mailserver (eg controlled by firewall). This will prevent > many virus/spam distributions I agree, but this was happening on my outbound mailserver, so I couldn't control it with the normal solution. This is the user's normal SMTP server, it was set up to only relay for particular domains, but it still relayed for this non-authorized domain. It was also receiving mail for this user in this non-authorized domain. Somewhere, I have a feeling, that there is a setting in my sendmail configuration that says relay for any IP in my IP range. I don't understand the inbound part at all. Any ideas how this may have been implemented? Steve > > Regards > -- Beat > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 13:56:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: 4.43.2-1 BETA has fixed MCP "Delete" action logging - Thanks! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Great. Thanks for confirming that. On 7 Jun 2005, at 11:33, Quentin Campbell wrote: > Julian > > Short note to confirm that 4.43.2-1 BETA has fixed the MCP "Delete" > action logging bug that I reported. > > I am running this BETA release on one of our production MTAs and it > seems to be OK. > > (Sendmail + 4.43.2-1 + SpamAssassin 3.0.2 + Sophos + McAfee + ClamAV) > > Thanks > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqWZbhH2WUcUFbZUEQLG9ACeIFkDTI+FubY4QqyLJoXQ575FNq0AmwSp GQsxxTV35OJmGkz3Rr49+GVO =r2JP -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 14:01:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In SweepViruses.pm swap over lines 1920 and 1921. They should currently say: $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New MailScanner::Log::InfoLog($logout); and you probably want MailScanner::Log::InfoLog($logout); $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New instead. On 7 Jun 2005, at 13:36, Richard Lynch wrote: > Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What virus scanner are you using? (And if it's Sophos or ClamAV >> then the module version or the command-line version?) >> >> > Sorry, I should have mentioned that I'm running F-Prot. I'm also > running ClamAV in command line mode. The output from ClamAV does > include the full path. > > -- Rich > > > >> On 6 Jun 2005, at 13:56, Richard Lynch wrote: >> >> >> >>> I upgraded to the latest stable over the weekend. The infection >>> messages in the syslog are now formatted like this... >>> >>> Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm >>> Infection: W32/Mytob.EK@mm >>> >>> Prior to the upgrade the messages are formatted like this... >>> >>> Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/ >>> MailScanner/ incoming/18024/j548EsXL032151/tyve.scr Infection: >>> W32/Mytob.CZ@mm >>> >>> Note that the full path is missing. Unfortunately, I'm counting >>> on the old message format in order to tie an infected message >>> back to the sending site and targeted user. I'm using the >>> message-id to do that. This is used for reports which I send to >>> customers. Is there an easy way to return to the old message >>> format? >>> >>> Richard Lynch >>> WVNET >>> >>> > > > -- > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqWamRH2WUcUFbZUEQKesgCgoZpVrVSt1l5OxWZLkD8+q5gYXqEAn19Q J6TsclMOnXxxbSKooruH2PFN =Mkyz -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jun 7 14:07:57 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Tuesday, June 07, 2005 8:34 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA 3.0.4 > > Stephen > > I'm keeping a close eye on that score. > > Given the 'fun' the bayes scores where in 3.0.2 from the automatic score > assignment I've started to view auto assigned scores with a heavy pinch > of salt. > > -- > Martin Hepworth That a good point. I'll watch the hits on JP_ for the nest few days. For those that care - in spam.assassin.prefs.comf we had scored URIBL_JP_SURBL: score URIBL_JP_SURBL 4.0 It's now scored: score URIBL_JP_SURBL 0 1.539 0 2.462 Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 7 14:09:01 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: Hard Hold wrote: > Saw that MailScanner now supports the panda virus scanner, so I > thought I would try it out. I see the update scripts, but nowhere can > I find out how to register the free version for updates. Been all > over the panda site and google. Maybe I am blind, and it would not be > the first time. Does anyone have the link to register the panda > linux for updates? I am sorry for the off topic, but could not find > anywhere else to turn. > > Thanks > > Rob > AFAIK you need buy a licensed product to get updates... "free" indeed... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hard2hold at gmail.com Tue Jun 7 14:12:39 2005 From: hard2hold at gmail.com (Hard Hold) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/7/05, Steen, Glenn wrote: > Hard Hold wrote: > > Saw that MailScanner now supports the panda virus scanner, so I > > thought I would try it out. I see the update scripts, but nowhere can > > I find out how to register the free version for updates. Been all > > over the panda site and google. Maybe I am blind, and it would not be > > the first time. Does anyone have the link to register the panda > > linux for updates? I am sorry for the off topic, but could not find > > anywhere else to turn. > > > > Thanks > > > > Rob > > > AFAIK you need buy a licensed product to get updates... "free" indeed... > > -- Glenn > looks like you get what you pay for then. ty for the information. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Tue Jun 7 14:47:31 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >In SweepViruses.pm swap over lines 1920 and 1921. >They should currently say: > > $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New > MailScanner::Log::InfoLog($logout); > >and you probably want > > MailScanner::Log::InfoLog($logout); > $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New > >instead. > > Yes, that did it. Thank you. In my copy of SweepViruses.pm it was lines 1902 and 1903. I'm running... > MailScanner -V > ... > This is MailScanner version 4.42.9 Will you be making the same change to the code base or is this a modification that I will have to maintain? I appreciate all of you efforts. -- Rich -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "rich.vcf") 13 lines. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Tue Jun 7 14:46:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:57 2006 Subject: Possible problem with the new panda wrapper Message-ID: Hi Rick & all, I finally had a slow moment to look at your new wrapper script. Lets start out positive: I really like what you've done there. Might be because of the rich comments in a language I actually understand:-), but more likely the nice "sidestep" of terminal issues. Probably comes from you being a real programmer, where I'm just a know-nothing programmer-turned-sysadmin (happened just after the dark ages too:-):). Some "problems" though: Am I correct in that this still will not honour the path given at the end of options? So that saying "." or "./" is virtually the same? Seems to me that MS could do that in ScanBatch, if TryCommercial times out (please correct me if I'm wrong!). Am I correct that you call pavcl once/directory, not once/batch? Would be nice if it was once/batch:). Now for the real problem. When I simulate a batch of more than one message, this detects the "clean second" as the "unclean first". Better that I show what I mean: --------------------------------- [root@mail bbb]# ls -lR .: totalt 8 drwxrwx--- 2 postfix apache 4096 mar 9 18:51 B46B323DAF.66B25/ drwxr-xr-x 2 root root 4096 mar 16 10:55 ZZZZZZZZ.ZZZZ/ ./B46B323DAF.66B25: totalt 8 -rw-rw---- 1 postfix apache 69 mar 9 18:51 eicar.com -rw-rw---- 1 postfix apache 1223 mar 9 18:51 message ./ZZZZZZZZ.ZZZZ: totalt 4 -rw-r--r-- 1 root root 132 mar 16 10:55 message [root@mail bbb]# pwd /var/spool/MailScanner/quarantine/.test/bbb [root@mail bbb]# /root/MailScanner-install-4.42.9/perl-tar/MailScanner-4.42.9/lib/panda-w rapper /usr -nsb -eng -aex -nso -aut -cmp . FOUND:Eicar.Mod##::##message->eicar.com##::##B46B323DAF.66B25##::##/var/ spool/MailScanner/quarantine/.test/bbb FOUND:Eicar.Mod##::##message->eicar.com##::##ZZZZZZZZ.ZZZZ##::##/var/spo ol/MailScanner/quarantine/.test/bbb [root@mail bbb]# cat ZZZZZZZZ.ZZZZ/message Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file [root@mail bbb]# ------------------------------------ As you can see (apart from me not having it actually installed:-), the ZZZZZZZZ.ZZZZ/message file shouldn't be detected, but it is. I've not looked too deeply into why this happens.. Will do so, if this temporary slump in Real Work keeps up:-)... Or you could beat me to it:-). Tell me if you need more info. Best Regards, -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 14:57:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7 Jun 2005, at 14:47, Richard Lynch wrote: Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In SweepViruses.pm swap over lines 1920 and 1921. They should currently say:   $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New   MailScanner::Log::InfoLog($logout); and you probably want   MailScanner::Log::InfoLog($logout);   $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New instead.   Yes, that did it.  Thank you.  In my copy of SweepViruses.pm it was lines 1902 and 1903.  I'm running... > MailScanner -V > ... > This is MailScanner version 4.42.9 Will you be making the same change to the code base or is this a modification that I will have to maintain?  I appreciate all of you efforts. No, don't worry, I've added it to the main code base. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 202bytes. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Tue Jun 7 15:37:52 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:57 2006 Subject: who is using require_rdns.m4? Message-ID: Gang, I've run require_rdns.m4 since about 10 EDT yesterday. In the last 24 hours, I've seen: Yesterday (10 AM to midnight): Total RDNS Fix Reverse DNS: 5889 (5xx fatal error) Total RDNS no resolve: 378 (4xx tempfail) Total RDNS Possible forgery: 4578 (4xx tempfail) Today (since midnight): Total RDNS Fix Reverse DNS: 6327 Total RDNS no resolve: 426 Total RDNS Possible forgery: 4214 The bulk of the "no reverse DNS" fatal rejections came from APNIC numbers. As for the issue of one IP number hosting multiple names, I believe that this test can be eliminated from require_rdns.m4 by removing the line that contains "451 Possibly forged hostname for $1". Per suggestions here, I have done that to my setup. I have heard nothing but silence from our helpdesk since installing require_rdns.m4 yesterday. No complaints or queries. We are a college, and lots of people are gone so it is quiet now anyway. But people howl quickly about email issues. Despite opinions to the contrary here, maybe require_rdns is not such a bad idea for anti-spam. BTW, upgraded to SpamAssassin 3.0.4 with MailScanner 4.43.2. No problems. I commented out the URIBL_JP_SURBL stuff in spam.assassin.prefs.conf as part of this upgrade. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Tue Jun 7 15:41:31 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:57 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, thanks for the responses. Peter, you are sorta right, the winmail.dat file *may* or *may not* contain an attachment. If there is not an attachment, then you are right, I think I am safe to discard it, but if there is an attachment, I would like to reattach it, and discard the original winmail.dat. So I am looking at Message.pm, and at first glance, it looks like maybe I can make some changes to that to do what I want. Obviously this is the brains of the operation. What I am thinking is adding another entry into MailScanner.conf to "Replace TNEF With Contents = Yes", then modifying Message.pm to respect that flag and make the changes. I also see that I can write my own perl and put it in /usr/lib/MailScanner/MailScanner/CustomFunctions. This looks highly promising. Would this be a good place to put a function that does what I want? Is there a simpler way? I am not looking for a step-by-step how do (although that would be awesome :), but just which way to go (and which way not to go) would be highly, highly appreciated. Scott Silva wrote: Peter Russell wrote: Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com 404 303 9900 x105 770 402 7143 (cell) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 16:42:43 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve, Thanks for the heads-up, especially since we are testing out Thunderbird right now. Well, I figured out for the most part what the problem was. It appears one of my users computer is loaded with spyware. *sigh* I was able to watch my server and catch a piece of the mail. When I broke down the headers, the orginating IP address was from my internal network. Which completely threw me off as well as piss me off. Once I unplugged the persons computer from the network, everything was fine. So in essence, that computer turned into a mailserver. Today I will be doing some forensic work on the computer to see just what the hell happened (can you tell that I am still angry?) This is another one of those things that drives me nuts because i've been pushing for months (almost a year really) to tighten down what are users can do, both browsing the internet and installing software. FINALLY! After yesterday, the big wigs said "Wow, that was serious. Maybe we should stop it. Lets do it." Ya, a day late and a dollar short. Anyway, if anyone is curious as to what I find on the computer, shoot me a personal email and i'll give you a full breakdown of what i find. Thanks for the heads up Steve. Jason >Jason, > >I had a similar situation just last week. It had to do with some kind of setup >on a user's Thunderbird. A friend of this user told him how to set up >Thunderbird to act as a relay for a different domain than ours, and for some >reason, because it was being done from our IPs, sendmail would go merrily along >and send it, even though it wasn't supposed to. I never did find out what the >user had done to make this happen, and he wasn't savvy enough to be able to tell >me. My only option I could think of before I found out what was happening, was >to block the domain in MS, and the user finally called and complained. > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 7 17:01:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Steve, > > Thanks for the heads-up, especially since we are testing out Thunderbird > right now. > Well, I figured out for the most part what the problem was. It appears > one of my users computer is loaded with spyware. *sigh* > I was able to watch my server and catch a piece of the mail. When I > broke down the headers, the orginating IP address was from my internal > network. Which completely threw me off as well as piss me off. Once I > unplugged the persons computer from the network, everything was fine. So > in essence, that computer turned into a mailserver. Today I will be > doing some forensic work on the computer to see just what the hell > happened (can you tell that I am still angry?) > > This is another one of those things that drives me nuts because i've > been pushing for months (almost a year really) to tighten down what are > users can do, both browsing the internet and installing software. > FINALLY! After yesterday, the big wigs said "Wow, that was serious. > Maybe we should stop it. Lets do it." Ya, a day late and a dollar short. > > Anyway, if anyone is curious as to what I find on the computer, shoot me > a personal email and i'll give you a full breakdown of what i find. > > Thanks for the heads up Steve. > > Jason > >> Jason, >> >> I had a similar situation just last week. It had to do with some kind >> of setup >> on a user's Thunderbird. A friend of this user told him how to set up >> Thunderbird to act as a relay for a different domain than ours, and >> for some >> reason, because it was being done from our IPs, sendmail would go >> merrily along >> and send it, even though it wasn't supposed to. I never did find out >> what the >> user had done to make this happen, and he wasn't savvy enough to be >> able to tell >> me. My only option I could think of before I found out what was >> happening, was >> to block the domain in MS, and the user finally called and complained. >> >> >> >> > Some of that cr#p gets installed through activex vulnerabilities in IE. The user doesn't have to say yes, as a matter of fact they get no prompt at all, and some gets in even on locked down PC's. It's making me pull out my hair! I have had to do the "cat5-ectomy" on several PC's this year. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Tue Jun 7 17:20:50 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:57 2006 Subject: Do RBL lists check all Received: from x.x.x.x headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For example if your on dialup or dynamic but you setup smarthost it will still show dialup header IP's ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 17:52:44 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not looking to get blasted, but this is about the best list group for getting questions taken care of. Does any one have any suggestion for setting up a Linux spyware filter? Thanks and sorry. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jun 7 18:06:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:57 2006 Subject: Do RBL lists check all Received: from x.x.x.x headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BB wrote: > > For example if your on dialup or dynamic but you setup smarthost it will > still show dialup header IP's Dialup RBLs should only be checked against IPs delivering to a server in trusted_networks. Other RBLs are checked against all RBLs. So in your case you will have FP problems, since I assume your smarthost is running SA, thus trusted, and accepting mail directly from dialup/dynamic client IPs. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 18:14:20 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jfalgout at OGOV.NET Tue Jun 7 18:16:43 2005 From: jfalgout at OGOV.NET (Jeff Falgout) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis said: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware > filter? > > Thanks and sorry. Check out the DansGuardian Antivirus plugin - I use it to scan http traffic using squid and clamav. Clam is starting to add alot of spyware into it's signatures. If you need something right away, you can create your own. In addition, you can also use blacklists to filter out the known spyware sites. www.dansguardian.org http://www.harvest.com.br/asp/afn/dg.nsf or the av plugin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:18:16 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you. These are the types of solutions we have looked at and have used. I am looking more at a gateway product that prevents spyware from even getting to the computer. There are many gateway appliances that do this but I have been unable to find a Linux (free) solution. Thanks. >>> jwilliams@COURTESYMORTGAGE.COM 06/07 1:14 PM >>> I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Tue Jun 7 18:23:41 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: At 12:52 PM 6/7/2005, you wrote: >Not looking to get blasted, but this is about the best list group for >getting questions taken care of. > >Does any one have any suggestion for setting up a Linux spyware filter? > >Thanks and sorry. That's probably not a bad question, but something I've never researched or come upon. I'll be lurking.. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:23:05 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the info. I would not even know where to start to create my own. We are looking at adding the clam to dansguardian. Thanks. >>> jfalgout@OGOV.NET 06/07 1:16 PM >>> David Curtis said: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware > filter? > > Thanks and sorry. Check out the DansGuardian Antivirus plugin - I use it to scan http traffic using squid and clamav. Clam is starting to add alot of spyware into it's signatures. If you need something right away, you can create your own. In addition, you can also use blacklists to filter out the known spyware sites. www.dansguardian.org http://www.harvest.com.br/asp/afn/dg.nsf or the av plugin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 18:22:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: David Obvious answer is not to use IE on windows..... kills 99% of all known spyware dead ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Jun 7 18:22:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:57 2006 Subject: Possible problem with the new panda wrapper Message-ID: Glenn, I replied off list with more detail than here, I didn't notice your message went to the list as well as me. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Tuesday, June 07, 2005 8:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Possible problem with the new panda wrapper > > > Hi Rick & all, > > I finally had a slow moment to look at your new wrapper script. > Lets start out positive: I really like what you've done there. Might > be because of the rich comments in a language I actually understand:-), > but more likely the nice "sidestep" of terminal issues. Probably > comes from you being a real programmer, where I'm just a know-nothing > programmer-turned-sysadmin (happened just after the dark ages too:-):). > > Some "problems" though: > Am I correct in that this still will not honour the path given at the > end of options? So that saying "." or "./" is virtually the > same? Seems to me that MS could do that in ScanBatch, if TryCommercial > times out (please correct me if I'm wrong!). > > Am I correct that you call pavcl once/directory, not once/batch? Would > be nice if it was once/batch:). Done, you should already have a copy of a new version of panda-wrapper, and the required patch to SweepViruses.pm, to try out. Please let me/us know if it's more like what you desire. It will scan the child's entire batch with one call to pavcl > > Now for the real problem. When I simulate a batch of more than one > message, this detects the "clean second" as the "unclean first". Better > that I show what I mean: [..] This was a stupid error on my part. I deleted some debug stuff before sending the last version to Julian and I didn't test it with a batch... I deleted one line too many. I have attached a patch for panda-wrapper that will fix this one line brain spaz. Apply the patch or change the following line in panda-wrapper from: sub scan_virus{ to: sub scan_virus{ # Make sure our Virtual Screen is clean when called. $VirtualScreens = ""; I don't know if/when Julian will incorporate the changes to panda-wrapper and SweepViruses.pm to allow a single call to pavcl for each batch rather than each message. If anyone else wants this change now/soon let me know and I can send it to you or post it here. Again, Sorry for the brain fade on the above error Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "panda-wrapper.diff") ] [ 430bytes. ] [ Unable to print this part. ] From support at spyproductions.com Tue Jun 7 18:27:08 2005 From: support at spyproductions.com (SpyProductions Support Team) Date: Thu Jan 12 21:29:57 2006 Subject: Mailscanner upgrade Message-ID: Hi Everyone, Just upgraded MailScanner here on system I inherited here running Rh 9 and it won't start. I installed all the dependencies that it asked for when I initially installed it, but it still looks like a dependency issue to me.... I'm seeing the following whenever I try to start MailScanner: Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. Compilation failed in require at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. Compilation failed in require at /usr/sbin/MailScanner line 73. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. I scanned the archive and found one issue - IO-stringy, but am lost on the rest Any help would be trully appreciated. Thanks, Darryl Jones System Administrator SpyProductions Achieve Web Success http://spyproductions.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:28:35 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately this is not an option for us right now. I know this will prevent most of the problem, like teaching people safe searching habits, it just will not happen here. >>> martinh@SOLID-STATE-LOGIC.COM 06/07 1:22 PM >>> David Obvious answer is not to use IE on windows..... kills 99% of all known spyware dead ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 18:31:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: David more serviously.. http://www.pcxperience.org/dgvirus/ uses the MaiLScanner AV interface to provide a plugin to DG. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 7 18:25:34 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > I know what you mean. > There is one product i've been looking at and after this incident, > strongly considering using. Two of their products I like. Here is the > website: > > http://www.faronics.com/index.asp > > The two that would help us and let us keep the hair we have are: > > DeepFreeze: > http://www.faronics.com/html/deepfreeze.asp > > AntiExec: > http://www.faronics.com/html/AntiExec.asp > > I may just pony up the money and buy DeepFreeze. > > Hope this helps. > > Jason > > > Scott Silva wrote: > >>>> Some of that cr#p gets installed through activex vulnerabilities in IE. >>>> The user doesn't have to say yes, as a matter of fact they get no >>>> prompt >>>> at all, and some gets in even on locked down PC's. It's making me pull >>>> out my hair! I have had to do the "cat5-ectomy" on several PC's this >>>> year. >>>> >>>> > > You can also have a look at this; http://www.spywareguide.com/blockfile.php I was just starting to look at this today. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Tue Jun 7 18:55:07 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: I am an IT in a school division, and we run deepfreeze on any computer that students use. It has saved us weeks and months of work. Of course, the staff machines are not locked down....oh well, can't have it all :( -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: June 7, 2005 12:14 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: little off topic: Am I an open relay? I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 18:59:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SpyProductions Support Team wrote: > > Hi Everyone, > > Just upgraded MailScanner here on system I inherited here running Rh 9 > and it won't start. I installed all the dependencies that it asked for > when I initially installed it, but it still looks like a dependency > issue to me.... > > I'm seeing the following whenever I try to start MailScanner: > > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: > /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > /usr/lib/MailScanner) at > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > BEGIN failed--compilation aborted at > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > Compilation failed in require at /usr/sbin/MailScanner line 73. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > > I scanned the archive and found one issue - IO-stringy, but am lost on > the rest Does indeed look like IO-stringy. This should be installed by the ./install.sh installation script in the MailScanner distribution. Have you tried to upgrade to the latest MailScanner? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp YkbbncsXIfKH4TG5P90VZq0V =bfPr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support at spyproductions.com Tue Jun 7 19:15:11 2005 From: support at spyproductions.com (SpyProductions Support Team) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: I used the RPM dist off of the MailScanner website last week. I just tried the latest version - 4.22.9-1 and it installed without a problem. Tried to crank it up, same issue..... Darryl Jones System Administrator SpyProductions Achieve Web Success http://spyproductions.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Tuesday, June 07, 2005 1:59 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner upgrade > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > SpyProductions Support Team wrote: > > > > > Hi Everyone, > > > > Just upgraded MailScanner here on system I inherited here > running Rh 9 > > and it won't start. I installed all the dependencies that > it asked for > > when I initially installed it, but it still looks like a dependency > > issue to me.... > > > > I'm seeing the following whenever I try to start MailScanner: > > > > Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: > > /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/5.8.0 > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > > /usr/lib/MailScanner) at > > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > > Compilation failed in require at > > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > > BEGIN failed--compilation aborted at > > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > > Compilation failed in require at /usr/sbin/MailScanner line 73. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > > > > I scanned the archive and found one issue - IO-stringy, but > am lost on > > the rest > > Does indeed look like IO-stringy. This should be installed by the > ./install.sh installation script in the MailScanner > distribution. Have > you tried to upgrade to the latest MailScanner? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp > YkbbncsXIfKH4TG5P90VZq0V > =bfPr > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 19:08:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: Hmm prob fun with RH RPM and NON RH rpm perl module locations (again). see if you can find a RH RPM with the modules you need. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 SpyProductions Support Team wrote: > I used the RPM dist off of the MailScanner website last week. > I just tried the latest version - 4.22.9-1 and it installed without a > problem. Tried to crank it up, same issue..... > > Darryl Jones > System Administrator > SpyProductions > Achieve Web Success > http://spyproductions.com > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Tuesday, June 07, 2005 1:59 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mailscanner upgrade >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >> >> >>SpyProductions Support Team wrote: >> >> >>> >>>Hi Everyone, >>> >>>Just upgraded MailScanner here on system I inherited here >> >>running Rh 9 >> >>>and it won't start. I installed all the dependencies that >> >>it asked for >> >>>when I initially installed it, but it still looks like a dependency >>>issue to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>/usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/5.8.0 >>>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>/usr/lib/MailScanner) at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>BEGIN failed--compilation aborted at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>Compilation failed in require at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>BEGIN failed--compilation aborted at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>Compilation failed in require at /usr/sbin/MailScanner line 73. >>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>> >>>I scanned the archive and found one issue - IO-stringy, but >> >>am lost on >> >>>the rest >> >>Does indeed look like IO-stringy. This should be installed by the >>./install.sh installation script in the MailScanner >>distribution. Have >>you tried to upgrade to the latest MailScanner? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>YkbbncsXIfKH4TG5P90VZq0V >>=bfPr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' >>in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 19:09:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did the installation script produce any errors as it installed the RPMs? Something fairly fundamental didn't work. If you can give me remote ssh access and the root password, I'll take a look for you. Mail me details (off-list!). SpyProductions Support Team wrote: >I used the RPM dist off of the MailScanner website last week. >I just tried the latest version - 4.22.9-1 and it installed without a >problem. Tried to crank it up, same issue..... > >Darryl Jones >System Administrator >SpyProductions >Achieve Web Success >http://spyproductions.com > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Tuesday, June 07, 2005 1:59 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mailscanner upgrade >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >> >> >>SpyProductions Support Team wrote: >> >> >> >>> >>>Hi Everyone, >>> >>>Just upgraded MailScanner here on system I inherited here >>> >>> >>running Rh 9 >> >> >>>and it won't start. I installed all the dependencies that >>> >>> >>it asked for >> >> >>>when I initially installed it, but it still looks like a dependency >>>issue to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>/usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/5.8.0 >>>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>/usr/lib/MailScanner) at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>BEGIN failed--compilation aborted at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>Compilation failed in require at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>BEGIN failed--compilation aborted at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>Compilation failed in require at /usr/sbin/MailScanner line 73. >>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>> >>>I scanned the archive and found one issue - IO-stringy, but >>> >>> >>am lost on >> >> >>>the rest >>> >>> >>Does indeed look like IO-stringy. This should be installed by the >>./install.sh installation script in the MailScanner >>distribution. Have >>you tried to upgrade to the latest MailScanner? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>YkbbncsXIfKH4TG5P90VZq0V >>=bfPr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' >>in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXi8xH2WUcUFbZUEQJkyACgj1eQSE8MVCyuUTIsJRR3sf7EY38AoJjp ZfJ8ZWG/3arp33fimhHlPCmq =Zzut -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 19:21:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But that's why MailScanner rebuilds each of the RPMs before installing them. They should end up in the right place for your system. Martin Hepworth wrote: > Hmm > > prob fun with RH RPM and NON RH rpm perl module locations (again). > > see if you can find a RH RPM with the modules you need. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > SpyProductions Support Team wrote: > >> I used the RPM dist off of the MailScanner website last week. >> I just tried the latest version - 4.22.9-1 and it installed without a >> problem. Tried to crank it up, same issue..... >> >> Darryl Jones >> System Administrator >> SpyProductions >> Achieve Web Success >> http://spyproductions.com >> >> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>> On Behalf Of Julian Field >>> Sent: Tuesday, June 07, 2005 1:59 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Mailscanner upgrade >>> >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> SpyProductions Support Team wrote: >>> >>> >>>> >>>> Hi Everyone, >>>> >>>> Just upgraded MailScanner here on system I inherited here >>> >>> >>> running Rh 9 >>> >>>> and it won't start. I installed all the dependencies that >>> >>> >>> it asked for >>> >>>> when I initially installed it, but it still looks like a dependency >>>> issue to me.... >>>> >>>> I'm seeing the following whenever I try to start MailScanner: >>>> >>>> Starting MailScanner daemons: >>>> incoming sendmail: [ OK ] >>>> outgoing sendmail: [ OK ] >>>> MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>> /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/5.8.0 >>>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>> /usr/lib/MailScanner) at >>>> /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>> BEGIN failed--compilation aborted at >>>> /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>> Compilation failed in require at >>>> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>> BEGIN failed--compilation aborted at >>>> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>> Compilation failed in require at /usr/sbin/MailScanner line 73. >>>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>>> >>>> I scanned the archive and found one issue - IO-stringy, but >>> >>> >>> am lost on >>> >>>> the rest >>> >>> >>> Does indeed look like IO-stringy. This should be installed by the >>> ./install.sh installation script in the MailScanner distribution. >>> Have you tried to upgrade to the latest MailScanner? >>> >>> - -- Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store Professional >>> Support Services at www.MailScanner.biz MailScanner thanks transtec >>> Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.1 (Build 2185) >>> >>> iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>> YkbbncsXIfKH4TG5P90VZq0V >>> =bfPr >>> -----END PGP SIGNATURE----- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXlxRH2WUcUFbZUEQJy9ACfch4JtnJMIW0D2+myZy0Gbow+//wAoMzt sUy1JX4B+pdESq8aZ8vu7C64 =DtwS -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Jun 7 19:31:17 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:58 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IE-SpyAd is not a Linux filter for spyware, but is a big list of sites to be added to the restricted sites zone in IE. The author has a script that will add/remove the said list. You could add the list to the users IE via login batch file. You could lock IE down so the users can't add/remove sites, using group policy. https://netfiles.uiuc.edu/ehowes/www/resource.htm David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Tue Jun 7 20:16:05 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: > Just upgraded MailScanner here on system I inherited here running Rh 9 and > it won't start. I installed all the dependencies that it asked for > when I initially installed it, but it still looks like a dependency issue > to me.... > > I'm seeing the following whenever I try to start MailScanner: > > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: Run: perl -MCPAN -e 'install IO::Wrap' That should take care of it for you.... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCpfJ1G4PxJjbMvv0RAv2KAJ94WC1ZdL0B10F9rOmuAPqlTzqYJACfbR94 A1HdImsRPgcihN7k/B9qRes= =nUeu -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 21:40:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It turned out to be the classic UTF8 problem in /etc/sysconfig/i18n, the error message was a red herring. Chris Stone wrote: >* PGP Signed by an unknown key: 06/07/05 at 20:16:05 > >On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: > > >>Just upgraded MailScanner here on system I inherited here running Rh 9 and >>it won't start. I installed all the dependencies that it asked for >>when I initially installed it, but it still looks like a dependency issue >>to me.... >> >>I'm seeing the following whenever I try to start MailScanner: >> >>Starting MailScanner daemons: >>incoming sendmail: [ OK ] >>outgoing sendmail: [ OK ] >>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >> >> > >Run: perl -MCPAN -e 'install IO::Wrap' > >That should take care of it for you.... > >* Unknown Key >* 0x36CCBEFD (L) > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqYGJhH2WUcUFbZUEQIfUACgn1T0FYqfnMYaUv+LFvqbLyIumdgAoJH9 cCTDW6ONLlhS28Q9rWI9Dlc/ =C6L6 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 7 21:57:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SV: Possible problem with the new panda wrapper Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brain fades happen. Even to the best. Will test and report back tomorrow. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Rick Cooper Skickat: ti 2005-06-07 19:22 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Possible problem with the new panda wrapper Glenn, I replied off list with more detail than here, I didn't notice your message went to the list as well as me. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Tuesday, June 07, 2005 8:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Possible problem with the new panda wrapper > > > Hi Rick & all, > > I finally had a slow moment to look at your new wrapper script. > Lets start out positive: I really like what you've done there. Might > be because of the rich comments in a language I actually understand:-), > but more likely the nice "sidestep" of terminal issues. Probably > comes from you being a real programmer, where I'm just a know-nothing > programmer-turned-sysadmin (happened just after the dark ages too:-):). > > Some "problems" though: > Am I correct in that this still will not honour the path given at the > end of options? So that saying "." or "./" is virtually the > same? Seems to me that MS could do that in ScanBatch, if TryCommercial > times out (please correct me if I'm wrong!). > > Am I correct that you call pavcl once/directory, not once/batch? Would > be nice if it was once/batch:). Done, you should already have a copy of a new version of panda-wrapper, and the required patch to SweepViruses.pm, to try out. Please let me/us know if it's more like what you desire. It will scan the child's entire batch with one call to pavcl > > Now for the real problem. When I simulate a batch of more than one > message, this detects the "clean second" as the "unclean first". Better > that I show what I mean: [..] This was a stupid error on my part. I deleted some debug stuff before sending the last version to Julian and I didn't test it with a batch... I deleted one line too many. I have attached a patch for panda-wrapper that will fix this one line brain spaz. Apply the patch or change the following line in panda-wrapper from: sub scan_virus{ to: sub scan_virus{ # Make sure our Virtual Screen is clean when called. $VirtualScreens = ""; I don't know if/when Julian will incorporate the changes to panda-wrapper and SweepViruses.pm to allow a single call to pavcl for each batch rather than each message. If anyone else wants this change now/soon let me know and I can send it to you or post it here. Again, Sorry for the brain fade on the above error Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin at MICA.NET Tue Jun 7 23:34:59 2005 From: Kevin at MICA.NET (Kevin Hanser) Date: Thu Jan 12 21:29:58 2006 Subject: New version of msre (MailScanner Ruleset Editor) available: 0.2.1 Message-ID: Hello, For anyone interested, I have just updated my MailScanner Ruleset Editor (msre). This is a bug fix release, I fixed a few issues that would cause the rulesets to get messed up w/multiple actions (like "store notify"). For more information on msre: http://msre.sourceforge.net Or to see what has been fixed/changed, you can view the changelog at: http://sourceforge.net/project/shownotes.php?release_id=333373 k ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 8 08:40:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: Classic as in old - well a year ago I guess....In computing terms thats ancient ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It turned out to be the classic UTF8 problem in /etc/sysconfig/i18n, the > error message was a red herring. > > Chris Stone wrote: > > >>* PGP Signed by an unknown key: 06/07/05 at 20:16:05 >> >>On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: >> >> >> >>>Just upgraded MailScanner here on system I inherited here running Rh 9 and >>>it won't start. I installed all the dependencies that it asked for >>>when I initially installed it, but it still looks like a dependency issue >>>to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>> >>> >> >>Run: perl -MCPAN -e 'install IO::Wrap' >> >>That should take care of it for you.... >> >>* Unknown Key >>* 0x36CCBEFD (L) >> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqYGJhH2WUcUFbZUEQIfUACgn1T0FYqfnMYaUv+LFvqbLyIumdgAoJH9 > cCTDW6ONLlhS28Q9rWI9Dlc/ > =C6L6 > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Wed Jun 8 08:51:15 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: Is that one file or two different files. In WindoZE you can create a file with a ',' in the filename. That could be why it has been blocked. Because of the length of the single file. Christo -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Craig White Sent: 08 June 2005 03:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: confusing message {Virus Scanned} # rpm -qa mailscanner mailscanner-4.40.5-1 One of my users reports this error... Our e-mail content detector has just been triggered by a message you sent: To: obscured_email_address Subject: Homeowners Financial Date: Tue Jun 7 12:00:04 2005 One or more of the attachments (Payroll Adjust.doc, Payroll Adjust-1.doc) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Payroll Adjust.doc) Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Payroll Adjust-1.doc) --- Is this a .doc filetype problem? It complains about filename lengths but these seem sufficiently short to me. Not knowing what else to do, I have added to filename.rules.conf allow \.doc$ - - anywhere else I should be looking? Thanks Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 10:32:31 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: Possible problem with the new panda wrapper Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Brain fades happen. Even to the best. > Will test and report back tomorrow. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Rick Cooper > Skickat: ti 2005-06-07 19:22 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: Possible problem with the new panda wrapper > Glenn, > > I replied off list with more detail than here, I didn't notice your > message went to the > list as well as me. Yep - started as "just for Rick", then thought I'd alert any users too. Apart from this message, I think well save everyone else the trouble to hit delete by keeping it off-list:-). Look below for more. >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Steen, Glenn Sent: Tuesday, June 07, 2005 8:47 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Possible problem with the new panda wrapper >> >> (snip) >> Am I correct that you call pavcl once/directory, not once/batch? >> Would be nice if it was once/batch:). > > Done, you should already have a copy of a new version of > panda-wrapper, and the required patch to SweepViruses.pm, to try out. > Please let me/us know if it's more like what you desire. It will scan > the child's entire batch with one call to pavcl Has some problems, that *might* affect the "once/dir" case too... As mentioned in my private mail to you, we need initialize the term so that pavcl only sees the "huge tty". >> >> Now for the real problem. When I simulate a batch of more than one >> message, this detects the "clean second" as the "unclean first". >> Better that I show what I mean: > [..] > > This was a stupid error on my part. I deleted some debug stuff before > sending the last version to Julian and I didn't test it with a > batch... I deleted one line too many. I have attached a patch for > panda-wrapper that will fix this one line brain spaz. > > Apply the patch or change the following line in panda-wrapper from: > sub scan_virus{ > to: > > sub scan_virus{ > # Make sure our Virtual Screen is clean when called. > $VirtualScreens = ""; > > I don't know if/when Julian will incorporate the changes to > panda-wrapper and SweepViruses.pm to allow a single call to pavcl for > each batch rather than each message. If anyone else wants this change > now/soon let me know and I can send it to you or post it here. > > Again, Sorry for the brain fade on the above error > > Rick This patch makes the "stock wrapper" work ok, but ... It might still "prettify" the outpu so that you lose the message ID. So, any users of panda should keep a sharp eye on the logs for strangeness like "..." etc. Best regards -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 10:36:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: admin@thenamegame.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >(snip) Julian, Could you please drop this fluffhead too? Really annoying with people who set up things they seem to be unable to rightly use. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Wed Jun 8 15:28:43 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Done. On 8 Jun 2005, at 10:36, Steen, Glenn wrote: > admin@thenamegame.com wrote: > >> The message you sent requires that you verify that you >> are a real live human being and not a spam source. >> >> To complete this verification, simply reply to this message and leave >> the subject line intact. >> >> The headers of the message sent from your address are show below: >> >> From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >> (snip) >> > > Julian, > > Could you please drop this fluffhead too? Really annoying with > people who set up things they seem to be unable to rightly use. > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqcAoRH2WUcUFbZUEQLwWgCg+Tkw7kcsSr+LObXQvQ/QlHz91pwAoNfT PqdKefkIqr+pwfhcUMsSI0iO =UJyU -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 16:01:03 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christo Bezuidenhout wrote: > Is that one file or two different files. In WindoZE you can create a file > with a ',' in the filename. That could be why it has been blocked. Because > of the length of the single file. > > Christo > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Craig White > Sent: 08 June 2005 03:22 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: confusing message {Virus Scanned} > > # rpm -qa mailscanner > mailscanner-4.40.5-1 > > One of my users reports this error... > > Our e-mail content detector has just been triggered by a message you > sent: > To: obscured_email_address > Subject: Homeowners Financial > Date: Tue Jun 7 12:00:04 2005 > > One or more of the attachments (Payroll Adjust.doc, Payroll > Adjust-1.doc) are on the list of unacceptable attachments for this site and > will not have been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > Report: Report: MailScanner: Very long filenames are good signs of attacks > against Microsoft e-mail packages (Payroll Adjust.doc) > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (Payroll Adjust-1.doc) > --- > > Is this a .doc filetype problem? It complains about filename lengths but > these seem sufficiently short to me. > > Not knowing what else to do, I have added to filename.rules.conf > > allow \.doc$ - - > It is hitting the rule "deny .{150,}" But that is looking for a lot of characters after the first dot. Although the error message shows a short file name, some of the messages get "sanitized" filenames. You need to look at the original message to see whats up. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 16:28:53 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: Scott Silva wrote: > Christo Bezuidenhout wrote: >> Is that one file or two different files. In WindoZE you can create a >> file with a ',' in the filename. That could be why it has been >> blocked. Because of the length of the single file. >> >> Christo >> >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Craig White Sent: 08 June 2005 03:22 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: confusing message {Virus Scanned} >> >> # rpm -qa mailscanner >> mailscanner-4.40.5-1 >> >> One of my users reports this error... >> >> Our e-mail content detector has just been triggered by a message you >> sent: >> To: obscured_email_address >> Subject: Homeowners Financial >> Date: Tue Jun 7 12:00:04 2005 >> >> One or more of the attachments (Payroll Adjust.doc, Payroll >> Adjust-1.doc) are on the list of unacceptable attachments for this >> site and will not have been delivered. >> >> Consider renaming the files to avoid this constraint. >> >> The virus detector said this about the message: >> Report: Report: MailScanner: Very long filenames are good signs of >> attacks against Microsoft e-mail packages (Payroll Adjust.doc) >> Report: MailScanner: Very long filenames are good signs of attacks >> against Microsoft e-mail packages (Payroll Adjust-1.doc) >> --- >> >> Is this a .doc filetype problem? It complains about filename lengths >> but these seem sufficiently short to me. >> >> Not knowing what else to do, I have added to filename.rules.conf >> >> allow \.doc$ - - >> > > It is hitting the rule "deny .{150,}" But that is looking for a lot of > characters after the first dot. > Although the error message shows a short file name, some of the > messages get "sanitized" filenames. You need to look at the original > message to see whats up. > > I might be totally off base, but isn't this likely to be your regular spam/scam/trojan/whatever? Just from looking at the subject and purported content... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed Jun 8 16:56:56 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dipswitch, Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. On 6/8/05, Steen, Glenn wrote: admin@thenamegame.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >(snip) Julian, Could you please drop this fluffhead too? Really annoying with people who set up things they seem to be unable to rightly use. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jun 8 17:04:40 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BB wrote: > Dipswitch, ^^^^^^^^^^^ Quite a way to attract people's attention?? > > Fix the mailling list. Why do I get bounced messages. The message > eventually posts. I receive MailScanner mail lists. Could you be more specific? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed Jun 8 17:12:47 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ^^^^^^^^^^^ Quite a way to attract people's attention?? I agree Drew. BB, If the list makes you so upset that you need to resort to tactics like that, then maybe you need to find another list. I for one find the information in this list very useful, to say the least. To have a few misconfigured autoresponders spew junk mail every once in while is not that big of a deal. Especially, when you can just post to the admins (politely) and have it taken care of. Sean Drew Marshall wrote: > BB wrote: > >> Dipswitch, > > > ^^^^^^^^^^^ Quite a way to attract people's attention?? > >> >> Fix the mailling list. Why do I get bounced messages. The message >> eventually posts. I receive MailScanner mail lists. > > > Could you be more specific? > > Drew > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Wed Jun 8 17:20:02 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Are the ~/.spamassassin/user_pref settings ignored when using spamassassin from within mailscanner? If I'm reading the mailscanner.conf file correctly, only the /root/.spamassassin/user_pref file will be consulted when using sendmail. I have some people that are getting a lot of foreign language spam and I was hoping to use the ok_languages setting to limit this spam on an individual bases. We get a lot of legitimate foreign language email so I can't do this at the global level. If this ~/.spamassassin/user_pref approach won't work, is there another alternative. TIA, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 17:15:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > BB wrote: > >> Dipswitch, > > > ^^^^^^^^^^^ Quite a way to attract people's attention?? > >> >> Fix the mailling list. Why do I get bounced messages. The message >> eventually posts. I receive MailScanner mail lists. > > > Could you be more specific? > > Drew > > I just don't reply to them. The messages still seem to post, and even though they add to the irritation score, sooner or later they will be hit by a clue-by-4. I might reply if "I" asked for help, but if giving of your time and hard fought learning requires verification, then forget it! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From avieira at REIT.UP.PT Wed Jun 8 17:52:28 2005 From: avieira at REIT.UP.PT (Anabela Vieira) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] estão ai? ----- Original Message ----- From: "Tom Combs" To: Sent: Wednesday, June 08, 2005 5:20 PM Subject: Individual user spamassassin settings? > Hi, > > Are the ~/.spamassassin/user_pref settings ignored when using spamassassin > from within mailscanner? If I'm reading the mailscanner.conf file > correctly, only the /root/.spamassassin/user_pref file will be consulted > when using sendmail. > > I have some people that are getting a lot of foreign language spam and I > was hoping to use the ok_languages setting to limit this spam on an > individual bases. We get a lot of legitimate foreign language email so I > can't do this at the global level. If this ~/.spamassassin/user_pref > approach won't work, is there another alternative. > > TIA, Tom Combs > > -- > Tom Combs E-mail: combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 8 18:23:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tom Combs wrote: > Hi, > Tom, Please don't hijack a discussion. Using a threaded view, your message is with others from march... More chances not being seen. Hijacking also makes it confusing to follow the hijacked thread. This is not only valid for Tom... Regards, Ugo > > TIA, Tom Combs > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 8 18:54:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner always calls SpamAssassin as the same user. Most of the things people normally want (score threshold, blacklist, whitelist) can be implemented from MailScanner's end. You should be able to get your spam id success rate up to about 98% even without ok_languages, with careful configuration. Tom Combs wrote: > Hi, > > Are the ~/.spamassassin/user_pref settings ignored when using > spamassassin from within mailscanner? If I'm reading the > mailscanner.conf file correctly, only the > /root/.spamassassin/user_pref file will be consulted when using sendmail. > > I have some people that are getting a lot of foreign language spam and > I was hoping to use the ok_languages setting to limit this spam on an > individual bases. We get a lot of legitimate foreign language email so > I can't do this at the global level. If this ~/.spamassassin/user_pref > approach won't work, is there another alternative. > > TIA, Tom Combs > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 8 19:06:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The way it works is this. A condition of joining this mailing list, particularly if you ask for help from anyone, is that you configure your challenge/response system to permit mail from the mailing list *before* you join. If I get any verification requests from these systems when I post to the list, their membership will be temporarily suspended (using the "NOMAIL" flag). They can reset this themselves, but hopefully it will prod them into asking why they have been suspended. At which point I will take the time to explain. If anyone else gets a challenge mail, they are welcome to contact me off-list and I will do the same. The mailing list is the wrong place for discussions about challenge/response systems. If you want to rant about them, do so elsewhere (you will find anonymous@ecs.soton.ac.uk quite a good address to rant at; it is very understanding, if a little unresponsive :-) Anyone mailing *me* asking for help is also expected to permit mail from me before asking for my time and effort, which I give for free. Anyone not doing this will (a) not get the response they wanted, and (b) may well get a tirade of abuse from me if I have had a bad day and feel like venting at someone. Only if I am feeling particularly kind, and they have asked a very good question (or pointed out a bug or other problem that is my fault) will I respond positively to their challenge/response system. Thus spake root. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Jun 8 19:19:21 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB Sent: Wednesday, June 08, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. Not to drag this into infinity, but here's my 2 Questions o' the Day: #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is beyond my comprehension. #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see all that junk. I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 8 20:15:10 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: On Wednesday, June 08, 2005 8:07 PM Julian Field wrote: > Thus spake root. ROTFL... Thanks. Nice end of the day! :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 20:15:04 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > The way it works is this. > > A condition of joining this mailing list, particularly if you ask for > help from anyone, is that you configure your challenge/response system > to permit mail from the mailing list *before* you join. > If I get any verification requests from these systems when I post to the > list, their membership will be temporarily suspended (using the "NOMAIL" > flag). They can reset this themselves, but hopefully it will prod them > into asking why they have been suspended. At which point I will take the > time to explain. If anyone else gets a challenge mail, they are welcome > to contact me off-list and I will do the same. > > The mailing list is the wrong place for discussions about > challenge/response systems. If you want to rant about them, do so > elsewhere (you will find anonymous@ecs.soton.ac.uk quite a good address > to rant at; it is very understanding, if a little unresponsive :-) > > Anyone mailing *me* asking for help is also expected to permit mail from > me before asking for my time and effort, which I give for free. Anyone > not doing this will (a) not get the response they wanted, and (b) may > well get a tirade of abuse from me if I have had a bad day and feel like > venting at someone. Only if I am feeling particularly kind, and they > have asked a very good question (or pointed out a bug or other problem > that is my fault) will I respond positively to their challenge/response > system. > > Thus spake root. > And the users saw that it was good! All hail root!! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 20:17:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - PSCGi wrote: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB > Sent: Wednesday, June 08, 2005 11:57 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ > > Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. > > Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. > > Not to drag this into infinity, but here's my 2 Questions o' the Day: > > #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is > beyond my comprehension. > > #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see > all that junk. > > > I--I That might explain it. I also post and read through Gmane. And I often get replies in regular mail, not just on list. Maybe Gmane is generating the extra traffic and causing his challenge system to fire? -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jun 8 22:47:06 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: > Maybe Gmane is generating the extra traffic and causing his challenge > system to fire? Who cares? Root hath spoken All hail root Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 23:18:00 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SV: Your email requires verification garbage... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Might've been me.... This is where being non-native to the english language comes in handy.... Most abuse simply don't register in my interpreter:). Anyway, since the almighty has spoken, I will be sure to follow the part about taking this type off thing off-list next time. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Dave Duffner - PSCGi Skickat: on 2005-06-08 20:19 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Your email requires verification garbage... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB Sent: Wednesday, June 08, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. Not to drag this into infinity, but here's my 2 Questions o' the Day: #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is beyond my comprehension. #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see all that junk. I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 23:40:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>Maybe Gmane is generating the extra traffic and causing his challenge >>system to fire? > > > Who cares? > > Root hath spoken > > All hail root > All hail root! grep "humble submission" /var/log/messages -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 00:26:45 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have implmented the SQL bayes as per the wiki entry http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql (very easy to follow, thanks very much) I have 3 servers all using the one sql bayes db. Should i implement Persistant Connections, as per the link at the bottom of the wiki page? Does this mean that currently each new scan has to create a new connection to the database and with persistant connections only one connection/authentication is made until interuption? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 00:40:59 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I have implmented the SQL bayes as per the wiki entry > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > (very easy to follow, thanks very much) Thank you, i hope to contribute further to the wiki. > > I have 3 servers all using the one sql bayes db. > > Should i implement Persistant Connections, as per the link at the bottom > of the wiki page? > > Does this mean that currently each new scan has to create a new > connection to the database and with persistant connections only one > connection/authentication is made until interuption? > > TIA > Pete a mis-interpretation on my part, the BayesStore SQL.pm already uses persistent connections to the database (though user_prefs and probably AWL_SQL doesn't). I have removed this part from the wiki. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 00:52:14 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > a mis-interpretation on my part, the BayesStore SQL.pm already uses > persistent connections to the database (though user_prefs and probably > AWL_SQL doesn't). I have removed this part from the wiki. > > - dhawal Thanks for that. Something i have noticed. All sa --lint tests worked fine. I see the autolearn=spam/notspam but i dont see bayes getting used during message processing :( IS there anything else i need to do to make it work? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:03:37 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> >> a mis-interpretation on my part, the BayesStore SQL.pm already uses >> persistent connections to the database (though user_prefs and probably >> AWL_SQL doesn't). I have removed this part from the wiki. >> >> - dhawal > > Thanks for that. > > Something i have noticed. All sa --lint tests worked fine. I see the > autolearn=spam/notspam but i dont see bayes getting used during message > processing :( > > IS there anything else i need to do to make it work? > Did you comment out the following lines in spam.assassin.prefs.conf bayes_path /etc/MailScanner/bayes/bayes bayes_file_mode 0660 also you mention --lint worked fine, but what exactly does it say? i would double-check every required change once again. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:14:59 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >>> >>> >>> a mis-interpretation on my part, the BayesStore SQL.pm already uses >>> persistent connections to the database (though user_prefs and >>> probably AWL_SQL doesn't). I have removed this part from the wiki. >>> >>> - dhawal >> >> >> Thanks for that. >> >> Something i have noticed. All sa --lint tests worked fine. I see the >> autolearn=spam/notspam but i dont see bayes getting used during >> message processing :( >> >> IS there anything else i need to do to make it work? >> > > Did you comment out the following lines in spam.assassin.prefs.conf > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0660 > > also you mention --lint worked fine, but what exactly does it say? i > would double-check every required change once again. > > - dhawal Yep added the other lines from your guide, commented out the baove 2 and then did a lint using that config file and it appears to work. Nothing in lint is marked as failed. I wonder how the username bit works, because if i use the lint test in mailwatch i get a different result as it appears as though is using the apache credentials to connect, which have no access and therefore i get a <200 spams error. SHould the username in the sql DB security be *@localhost or *@remotehost ? debug: bayes: Using username: root debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 6 debug: running uri tests; score so far=0.126 debug: bayes corpus size: nspam = 19137, nham = 35279 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1118275789 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes: tok_get_all: Token Count: 20 debug: bayes token 'somewhat' => 0.0798823885826036 debug: bayes: score = 0.36410136776969 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9592ab8)) debug: Razor2 is available debug: tests=BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:24:59 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Dhawal Doshy wrote: > >> Peter Russell wrote: >> >>>> >>>> >>>> a mis-interpretation on my part, the BayesStore SQL.pm already uses >>>> persistent connections to the database (though user_prefs and >>>> probably AWL_SQL doesn't). I have removed this part from the wiki. >>>> >>>> - dhawal >>> >>> >>> >>> Thanks for that. >>> >>> Something i have noticed. All sa --lint tests worked fine. I see the >>> autolearn=spam/notspam but i dont see bayes getting used during >>> message processing :( >>> >>> IS there anything else i need to do to make it work? >>> >> >> Did you comment out the following lines in spam.assassin.prefs.conf >> bayes_path /etc/MailScanner/bayes/bayes >> bayes_file_mode 0660 >> >> also you mention --lint worked fine, but what exactly does it say? i >> would double-check every required change once again. >> >> - dhawal > > > Yep added the other lines from your guide, commented out the baove 2 and > then did a lint using that config file and it appears to work. Nothing > in lint is marked as failed. I wonder how the username bit works, > because if i use the lint test in mailwatch i get a different result as > it appears as though is using the apache credentials to connect, which > have no access and therefore i get a <200 spams error. SHould the > username in the sql DB security be *@localhost or *@remotehost ? > > debug: bayes: Using username: root > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 6 > > > debug: running uri tests; score so far=0.126 > debug: bayes corpus size: nspam = 19137, nham = 35279 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1118275789 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes: tok_get_all: Token Count: 20 > debug: bayes token 'somewhat' => 0.0798823885826036 > debug: bayes: score = 0.36410136776969 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9592ab8)) > debug: Razor2 is available > > > debug: > tests=BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > Here 'localhost' ought to be changed to the server_name that is hosting your database (make sure the server_name is resolvable either via dns or /etc/hosts), unless the database and SA are on the same server. bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter bayes_sql_username sa_user bayes_sql_password sa_password Also what does a MailScanner debug for SA have to report? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:33:58 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> > > Here 'localhost' ought to be changed to the server_name that is hosting > your database (make sure the server_name is resolvable either via dns or > /etc/hosts), unless the database and SA are on the same server. > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter > bayes_sql_username sa_user > bayes_sql_password sa_password > > Also what does a MailScanner debug for SA have to report? > > - dhawal That output is from DB and MailScanner on the same machine. I had already tried using the machine name and the fqdn. From MaiLScanner debug i get the following. debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 4 debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 When using the root from the shell i get I am using the same spam.assassin.prefs.conf because i have /etc/mail/spamassassin/local.cf symlinked to /etc/MailScanner/spam.assassin.prefs.conf debug: bayes: Using username: root debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 6 debug: running uri tests; score so far=0.126 debug: bayes corpus size: nspam = 19137, nham = 35279 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:46:28 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >>> >> >> Here 'localhost' ought to be changed to the server_name that is >> hosting your database (make sure the server_name is resolvable either >> via dns or /etc/hosts), unless the database and SA are on the same >> server. >> >> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >> bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter >> bayes_sql_username sa_user >> bayes_sql_password sa_password >> >> Also what does a MailScanner debug for SA have to report? >> >> - dhawal > > > That output is from DB and MailScanner on the same machine. I had > already tried using the machine name and the fqdn. > > From MaiLScanner debug i get the following. > > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 4 ** This is the likely problem ** > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 **** > > When using the root from the shell i get I am using the same > spam.assassin.prefs.conf because i have /etc/mail/spamassassin/local.cf > symlinked to /etc/MailScanner/spam.assassin.prefs.conf > > > debug: bayes: Using username: root > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 6 > > > debug: running uri tests; score so far=0.126 > debug: bayes corpus size: nspam = 19137, nham = 35279 > You could probably try the backup / restore once again OR your next option is sa-learn.. Take all your ham (regular non-spam mail) sa-learn --ham -p /path/to/spam.assassin.prefs.conf --mbox ham.mbox Take all your spam sa-learn --spam -p /path/to/spam.assassin.prefs.conf --mbox spam.mbox The above commands vary slightly if you are using Maildirs - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:54:56 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK Thanks. But note. That the exact same Database produces a different results about the amount fo ham or spam depending on where you launch the lint from. IN MailScanner debug or mailwatch debug it says 36 nspams from shell account as root it shows 19000 nspam. We store no mail on the gateway, this is a agteway from Exchange and Domino. I still have the text dumps of the original bayes DBs. I will persevere with looking at MYSQL permissions. thanks Pete Dhawal Doshy wrote: > Peter Russell wrote: > >>>> >>> >>> Here 'localhost' ought to be changed to the server_name that is >>> hosting your database (make sure the server_name is resolvable either >>> via dns or /etc/hosts), unless the database and SA are on the same >>> server. >>> >>> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >>> bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter >>> bayes_sql_username sa_user >>> bayes_sql_password sa_password >>> >>> Also what does a MailScanner debug for SA have to report? >>> >>> - dhawal >> >> >> >> That output is from DB and MailScanner on the same machine. I had >> already tried using the machine name and the fqdn. >> >> From MaiLScanner debug i get the following. >> >> debug: bayes: Database connection established >> debug: bayes: found bayes db version 3 >> debug: bayes: Using userid: 4 > > > ** This is the likely problem ** > >> debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB >> < 200 > > **** > >> >> When using the root from the shell i get I am using the same >> spam.assassin.prefs.conf because i have >> /etc/mail/spamassassin/local.cf symlinked to >> /etc/MailScanner/spam.assassin.prefs.conf >> >> >> debug: bayes: Using username: root >> debug: bayes: Database connection established >> debug: bayes: found bayes db version 3 >> debug: bayes: Using userid: 6 >> >> >> debug: running uri tests; score so far=0.126 >> debug: bayes corpus size: nspam = 19137, nham = 35279 >> > > You could probably try the backup / restore once again OR your next > option is sa-learn.. > > Take all your ham (regular non-spam mail) > sa-learn --ham -p /path/to/spam.assassin.prefs.conf --mbox ham.mbox > > Take all your spam > sa-learn --spam -p /path/to/spam.assassin.prefs.conf --mbox spam.mbox > > The above commands vary slightly if you are using Maildirs > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:59:56 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > OK Thanks. But note. That the exact same Database produces a different > results about the amount fo ham or spam depending on where you launch > the lint from. > > IN MailScanner debug or mailwatch debug it says 36 nspams from shell > account as root it shows 19000 nspam. > > We store no mail on the gateway, this is a agteway from Exchange and > Domino. > > I still have the text dumps of the original bayes DBs. > > I will persevere with looking at MYSQL permissions. > > thanks > Pete > From sql/README.bayes: If you do not see the following lines something is likely to be misconfigured debug: bayes: Database connection established debug: bayes: Using username: This being your case using MailScanner > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 4 > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 MailScanner doesn't seem to be using the BayesSQL as mentioned in the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) available to the user MS in running under? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 02:52:41 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >> OK Thanks. But note. That the exact same Database produces a different >> results about the amount fo ham or spam depending on where you launch >> the lint from. >> >> IN MailScanner debug or mailwatch debug it says 36 nspams from shell >> account as root it shows 19000 nspam. >> >> We store no mail on the gateway, this is a agteway from Exchange and >> Domino. >> >> I still have the text dumps of the original bayes DBs. >> >> I will persevere with looking at MYSQL permissions. >> >> thanks >> Pete >> > > From sql/README.bayes: If you do not see the following lines something > is likely to be misconfigured > > debug: bayes: Database connection established > debug: bayes: Using username: > > This being your case using MailScanner > > debug: bayes: Database connection established > > debug: bayes: found bayes db version 3 > > debug: bayes: Using userid: 4 > > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB > < 200 > > MailScanner doesn't seem to be using the BayesSQL as mentioned in the > sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > available to the user MS in running under? > Yeah when i run as root is works great when i log in as postfix (or use the mailscanner debug) it doesnt work. I can connect to the database using the credentials in the sa.prefs file sa_user and localhost from the shell. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 06:34:54 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Gmail and MailScanner Message-ID: Is Gmail using MailScanner for their spam detection? I sent an email from one of my Gmail accounts and it bounced. When I looked at the headers in the bounce message, there were lines in there exactly like I expect from MY MailScanner boxen: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-PSN-MailScanner-Information: Please contact the ISP for more information X-PSN-MailScanner: Found to be clean Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jun 9 08:06:33 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Hi Pete, You need to add the line: 'bayes_sql_override_username root' to spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the same database (similar to having the bayes files in the users home directory) so if you run sa-learn as postfix you'll get different results - this will also cause problems if you try and learn anything through MailWatch. You can manually 'see' which user you imported your files based bayes data into by connecting to the database that you created and running: mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; +----+----------+------------+-----------+-------------+ | id | username | spam_count | ham_count | token_count | +----+----------+------------+-----------+-------------+ | 2 | root | 190707 | 168166 | 124113 | | 3 | apache | 0 | 0 | 0 | +----+----------+------------+-----------+-------------+ 2 rows in set (0.02 sec) It's probably worth putting this into the wiki - I would recommend setting the override _before_ the old data is imported as it saves hassle later. Hope this helps. Kind regards, Steve. On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > Dhawal Doshy wrote: > > Peter Russell wrote: > > > >> OK Thanks. But note. That the exact same Database produces a different > >> results about the amount fo ham or spam depending on where you launch > >> the lint from. > >> > >> IN MailScanner debug or mailwatch debug it says 36 nspams from shell > >> account as root it shows 19000 nspam. > >> > >> We store no mail on the gateway, this is a agteway fr > OM b1om Exchange and > >> Domino. > >> > >> I still have the text dumps of the original bayes DBs. > >> > >> I will persevere with looking at MYSQL permissions. > >> > >> thanks > >> Pete > >> > > > > From sql/README.bayes: If you do not see the following lines something > > is likely to be misconfigured > > > > debug: bayes: Database connection established > > debug: bayes: Using username: > > > > This being your case using MailScanner > > > debug: bayes: Database connection established > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Using userid: 4 > > > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB > > < 200 > > > > MailScanner doesn't seem to be using the BayesSQL as mentioned in the > > sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > > available to the user MS in running under? > > > > Yeah when i run as root is works great when i log in as postfix (or use > the mailscanner debug) it doesnt work. I can connect to the database > using the credentials in the sa.prefs file sa_user and localhost from > the shell. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 9 09:19:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Gmail and MailScanner Message-ID: Mike not that I know of - depends on who's using the X-PSN header....maybe the people you sent the email to..? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Kercher wrote: > Is Gmail using MailScanner for their spam detection? > > I sent an email from one of my Gmail accounts and it bounced. When I looked > at the headers in the bounce message, there were lines in there exactly like > I expect from MY MailScanner boxen: > > Mime-Version: 1.0 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: quoted-printable > Content-Disposition: inline > X-PSN-MailScanner-Information: Please contact the ISP for more information > X-PSN-MailScanner: Found to be clean > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 10:47:50 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you fixed it instantly. Working beautifully now. Much appreciated. Pete Steve Freegard wrote: > Hi Pete, > > You need to add the line: 'bayes_sql_override_username root' to > spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the > same database (similar to having the bayes files in the users home > directory) so if you run sa-learn as postfix you'll get different > results - this will also cause problems if you try and learn anything > through MailWatch. > > You can manually 'see' which user you imported your files based bayes > data into by connecting to the database that you created and running: > > mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; > +----+----------+------------+-----------+-------------+ > | id | username | spam_count | ham_count | token_count | > +----+----------+------------+-----------+-------------+ > | 2 | root | 190707 | 168166 | 124113 | > | 3 | apache | 0 | 0 | 0 | > +----+----------+------------+-----------+-------------+ > 2 rows in set (0.02 sec) > > It's probably worth putting this into the wiki - I would recommend setting the override _before_ the old data is imported as it saves hassle later. > > Hope this helps. > > Kind regards, > Steve. > > > On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > >>Dhawal Doshy wrote: >> >>>Peter Russell wrote: >>> >>> >>>>OK Thanks. But note. That the exact same Database produces a different >>>>results about the amount fo ham or spam depending on where you launch >>>>the lint from. >>>> >>>>IN MailScanner debug or mailwatch debug it says 36 nspams from shell >>>>account as root it shows 19000 nspam. >>>> >>>>We store no mail on the gateway, this is a agteway fr >> >>OM b1om Exchange and >> >>>>Domino. >>>> >>>>I still have the text dumps of the original bayes DBs. >>>> >>>>I will persevere with looking at MYSQL permissions. >>>> >>>>thanks >>>>Pete >>>> >>> >>> From sql/README.bayes: If you do not see the following lines something >>>is likely to be misconfigured >>> >>>debug: bayes: Database connection established >>>debug: bayes: Using username: >>> >>>This being your case using MailScanner >>> > debug: bayes: Database connection established >>> > debug: bayes: found bayes db version 3 >>> > debug: bayes: Using userid: 4 >>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB >>>< 200 >>> >>>MailScanner doesn't seem to be using the BayesSQL as mentioned in the >>>sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>available to the user MS in running under? >>> >> >>Yeah when i run as root is works great when i log in as postfix (or use >>the mailscanner debug) it doesnt work. I can connect to the database >>using the credentials in the sa.prefs file sa_user and localhost from >>the shell. >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 11:58:04 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Steve for the excellent insight, i have amended the wiki accordingly. Do have a look at the wiki entry if you can spare some time. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql - dhawal Pete Russell wrote: > Thank you fixed it instantly. Working beautifully now. > > Much appreciated. > > Pete > > Steve Freegard wrote: > >> Hi Pete, >> >> You need to add the line: 'bayes_sql_override_username root' to >> spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the >> same database (similar to having the bayes files in the users home >> directory) so if you run sa-learn as postfix you'll get different >> results - this will also cause problems if you try and learn anything >> through MailWatch. >> >> You can manually 'see' which user you imported your files based bayes >> data into by connecting to the database that you created and running: >> >> mysql> SELECT id, username, spam_count, ham_count, token_count FROM >> bayes_vars; >> +----+----------+------------+-----------+-------------+ >> | id | username | spam_count | ham_count | token_count | >> +----+----------+------------+-----------+-------------+ >> | 2 | root | 190707 | 168166 | 124113 | >> | 3 | apache | 0 | 0 | 0 | >> +----+----------+------------+-----------+-------------+ >> 2 rows in set (0.02 sec) >> >> It's probably worth putting this into the wiki - I would recommend >> setting the override _before_ the old data is imported as it saves >> hassle later. >> >> Hope this helps. >> >> Kind regards, >> Steve. >> >> >> On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: >> >>> Dhawal Doshy wrote: >>> >>>> Peter Russell wrote: >>>> >>>> >>>>> OK Thanks. But note. That the exact same Database produces a >>>>> different results about the amount fo ham or spam depending on >>>>> where you launch the lint from. >>>>> >>>>> IN MailScanner debug or mailwatch debug it says 36 nspams from >>>>> shell account as root it shows 19000 nspam. >>>>> >>>>> We store no mail on the gateway, this is a agteway fr >>> >>> >>> OM b1om Exchange and >>> >>>>> Domino. >>>>> >>>>> I still have the text dumps of the original bayes DBs. >>>>> >>>>> I will persevere with looking at MYSQL permissions. >>>>> >>>>> thanks >>>>> Pete >>>>> >>>> >>>> From sql/README.bayes: If you do not see the following lines >>>> something is likely to be misconfigured >>>> >>>> debug: bayes: Database connection established >>>> debug: bayes: Using username: >>>> >>>> This being your case using MailScanner >>>> > debug: bayes: Database connection established >>>> > debug: bayes: found bayes db version 3 >>>> > debug: bayes: Using userid: 4 >>>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes >>>> DB < 200 >>>> >>>> MailScanner doesn't seem to be using the BayesSQL as mentioned in >>>> the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>> available to the user MS in running under? >>>> >>> >>> Yeah when i run as root is works great when i log in as postfix (or >>> use the mailscanner debug) it doesnt work. I can connect to the >>> database using the credentials in the sa.prefs file sa_user and >>> localhost from the shell. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jun 9 13:27:38 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Hi Dhawal, I've amended the wiki entry - I think that 'bayes_sql_override_username' should always be set as it is analogous to having 'bayes_path' and 'bayes_file_mode' set when using the dbm store. Cheers, Steve. On Thu, 2005-06-09 at 16:28 +0530, Dhawal Doshy wrote: > Thanks Steve for the excellent insight, i have amended the wiki accordingly. > > Do have a look at the wiki entry if you can spare some time. > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > > - dhawal > > Pete Russell wrote: > > Thank you fixed it instantly. Working beautifully now. > > > > Much appreciated. > > > > Pete > > > > Steve Freegard wrote: > > > >> Hi Pete, > >> > >> You need to add the line: 'bayes_sql_override_username root' to > >> spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the > >> same database (similar to having the bayes files in the users home > >> directory) so if you run sa-learn as postfix you'll get different > >> results - this will also cause problems if you try and learn anything > >> through MailWatch. > >> > >> You can manually 'see' which user you imported your files based bayes > >> data into by connecting to the database that you created and running: > >> > >> mysql> SELECT id, username, spam_count, ham_count, token_count FROM > >> bayes_vars; > >> +----+----------+------------+-----------+-------------+ > >> | id | username | spam_count | ham_count | token_count | > >> +----+----------+------------+-----------+-------------+ > >> | 2 | root | 190707 | 168166 | 124113 | > >> | 3 | apache | 0 | 0 | 0 | > >> +----+----------+------------+-----------+-------------+ > >> 2 rows in set (0.02 sec) > >> > >> It's probably worth putting this into the wiki - I would recommend > >> setting the override _before_ the old data is imported as it saves > >> hassle later. > >> > >> Hope this helps. > >> > >> Kind regards, > >> Steve. > >> > >> > >> On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > >> > >>> Dhawal Doshy wrote: > >>> > >>>> Peter Russell wrote: > >>>> > >>>> > >>>>> OK Thanks. But note. That the exact same Database produces a > >>>>> different results about the amount fo ham or spam depending on > >>>>> where you launch the lint from. > >>>>> > >>>>> IN MailScanner debug or mailwatch debug it says 36 nspams from > >>>>> shell account as root it shows 19000 nspam. > >>>>> > >>>>> We store no mail on the gateway, this is a agteway fr > >>> > >>> > >>> OM b1om Exchange and > >>> > >>>>> Domino. > >>>>> > >>>>> I still have the text dumps of the original bayes DBs. > >>>>> > >>>>> I will persevere with looking at MYSQL permissions. > >>>>> > >>>>> thanks > >>>>> Pete > >>>>> > >>>> > >>>> From sql/README.bayes: If you do not see the following lines > >>>> something is likely to be misconfigured > >>>> > >>>> debug: bayes: Database connection established > >>>> debug: bayes: Using username: > >>>> > >>>> This being your case using MailScanner > >>>> > debug: bayes: Database connection established > >>>> > debug: bayes: found bayes db version 3 > >>>> > debug: bayes: Using userid: 4 > >>>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes > >>>> DB < 200 > >>>> > >>>> MailScanner doesn't seem to be using the BayesSQL as mentioned in > >>>> the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > >>>> available to the user MS in running under? > >>>> > >>> > >>> Yeah when i run as root is works great when i log in as postfix (or > >>> use the mailscanner debug) it doesnt work. I can connect to the > >>> database using the credentials in the sa.prefs file sa_user and > >>> localhost from the shell. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Thu Jun 9 13:51:51 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:58 2006 Subject: OT: mbox back into queue files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ive got a bit of a problem where mail was being delievered into a local account rather than being forwarded onto the real mail server. Is there a way of converting the mail back into qf/df files and re-deliver. Sorry for the OT post. Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 9 13:55:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: OT: mbox back into queue files Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "sendmail -t" is your friend for this job. On 9 Jun 2005, at 13:51, Paul Houselander wrote: > Hi > > Ive got a bit of a problem where mail was being delievered into a > local > account rather than being forwarded onto the real mail server. > > Is there a way of converting the mail back into qf/df files and re- > deliver. > > Sorry for the OT post. > > Thanks > > Paul > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqg8QhH2WUcUFbZUEQJBowCfd8B+flC7zhybZbg9Q/oFlLBZY5YAoLa6 JxWQXhEc9f01RJ4po/qFTWcL =F+bo -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 13:59:49 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ONe last question. When using the --restore option is replaces the data in the database, rather than append. When you use --import is does nothing. How does one consolidate 3 bayes DB i currently have? Its not hugely important i guess, just be nice. Ta for you help guys, big improvement having the single bayes DB between the 3 servers. Pete Steve Freegard wrote: > Hi Dhawal, > > I've amended the wiki entry - I think that 'bayes_sql_override_username' > should always be set as it is analogous to having 'bayes_path' and > 'bayes_file_mode' set when using the dbm store. > > Cheers, > Steve. > > On Thu, 2005-06-09 at 16:28 +0530, Dhawal Doshy wrote: > >>Thanks Steve for the excellent insight, i have amended the wiki accordingly. >> >>Do have a look at the wiki entry if you can spare some time. >>http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >> >>- dhawal >> >>Pete Russell wrote: >> >>>Thank you fixed it instantly. Working beautifully now. >>> >>>Much appreciated. >>> >>>Pete >>> >>>Steve Freegard wrote: >>> >>> >>>>Hi Pete, >>>> >>>>You need to add the line: 'bayes_sql_override_username root' to >>>>spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the >>>>same database (similar to having the bayes files in the users home >>>>directory) so if you run sa-learn as postfix you'll get different >>>>results - this will also cause problems if you try and learn anything >>>>through MailWatch. >>>> >>>>You can manually 'see' which user you imported your files based bayes >>>>data into by connecting to the database that you created and running: >>>> >>>>mysql> SELECT id, username, spam_count, ham_count, token_count FROM >>>>bayes_vars; >>>>+----+----------+------------+-----------+-------------+ >>>>| id | username | spam_count | ham_count | token_count | >>>>+----+----------+------------+-----------+-------------+ >>>>| 2 | root | 190707 | 168166 | 124113 | >>>>| 3 | apache | 0 | 0 | 0 | >>>>+----+----------+------------+-----------+-------------+ >>>>2 rows in set (0.02 sec) >>>> >>>>It's probably worth putting this into the wiki - I would recommend >>>>setting the override _before_ the old data is imported as it saves >>>>hassle later. >>>> >>>>Hope this helps. >>>> >>>>Kind regards, >>>>Steve. >>>> >>>> >>>>On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: >>>> >>>> >>>>>Dhawal Doshy wrote: >>>>> >>>>> >>>>>>Peter Russell wrote: >>>>>> >>>>>> >>>>>> >>>>>>>OK Thanks. But note. That the exact same Database produces a >>>>>>>different results about the amount fo ham or spam depending on >>>>>>>where you launch the lint from. >>>>>>> >>>>>>>IN MailScanner debug or mailwatch debug it says 36 nspams from >>>>>>>shell account as root it shows 19000 nspam. >>>>>>> >>>>>>>We store no mail on the gateway, this is a agteway fr >>>>> >>>>> >>>>>OM b1om Exchange and >>>>> >>>>> >>>>>>>Domino. >>>>>>> >>>>>>>I still have the text dumps of the original bayes DBs. >>>>>>> >>>>>>>I will persevere with looking at MYSQL permissions. >>>>>>> >>>>>>>thanks >>>>>>>Pete >>>>>>> >>>>>> >>>>>>From sql/README.bayes: If you do not see the following lines >>>>>>something is likely to be misconfigured >>>>>> >>>>>>debug: bayes: Database connection established >>>>>>debug: bayes: Using username: >>>>>> >>>>>>This being your case using MailScanner >>>>>> >>>>>>>debug: bayes: Database connection established >>>>>>>debug: bayes: found bayes db version 3 >>>>>>>debug: bayes: Using userid: 4 >>>>>>>debug: bayes: Not available for scanning, only 36 spam(s) in Bayes >>>>>> >>>>>>DB < 200 >>>>>> >>>>>>MailScanner doesn't seem to be using the BayesSQL as mentioned in >>>>>>the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>>>>available to the user MS in running under? >>>>>> >>>>> >>>>>Yeah when i run as root is works great when i log in as postfix (or >>>>>use the mailscanner debug) it doesnt work. I can connect to the >>>>>database using the credentials in the sa.prefs file sa_user and >>>>>localhost from the shell. >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 9 14:29:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Steve Freegard wrote: > Hi Dhawal, > > I've amended the wiki entry - I think that > 'bayes_sql_override_username' should always be set as it is analogous > to having 'bayes_path' and 'bayes_file_mode' set when using the dbm > store. > > Cheers, > Steve. > (snip) Minor issue Steve (assuming you were the one who did that:-), Setting the ... like that prevent the **...** tags from being interpreted. Could you (or whoever did it) amend that? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 14:30:51 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: I've been seeing this behavior on just one of my MS boxes. Periodically, the same emails get scanned over and over and over. They are always HS Spam and my HS Spam action is delete. For some reason they just never get removed from mqueue.in: Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], reject=550 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR2 3.50, HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: Starting Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, SpamAssassin (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam messages Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam messages Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsD001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsA001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsC001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwoco031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwocn031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59CMh4H026742 actions are delete These end up driving the load on the machine to over 5.x and the box starts to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, sophossavi and clamavmodule. OS is RHEL 3U4. Any thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 14:34:28 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: mbox back into queue files Message-ID: Paul Houselander <> scribbled on Thursday, June 09, 2005 7:52 AM: > Hi > > Ive got a bit of a problem where mail was being delievered into a > local account rather than being forwarded onto the real mail server. > > Is there a way of converting the mail back into qf/df files and > re-deliver. > > Sorry for the OT post. > > Support MailScanner development - buy the book off the website! 'formail -Y -s /usr/sbin/sendmail user@new.address < /var/spool/mail/user' should do the trick. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 9 14:45:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Run MailScanner on them in debug mode. You may find it is crashing when it tries to remove them, and then gets re-spawned so scans them again. On 9 Jun 2005, at 14:30, Mike Kercher wrote: > I've been seeing this behavior on just one of my MS boxes. > Periodically, > the same emails get scanned over and over and over. They are > always HS Spam > and my HS Spam action is delete. For some reason they just never get > removed from mqueue.in: > > Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam > messages > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, > arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], > reject=550 > 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 > > Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from > 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin > (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, > DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, > HELO_DYNAMIC_IPADDR2 3.50, > HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, > RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, > URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) > > Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from > 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin > (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, > DIGEST_MULTIPLE > 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > 1.51, > RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) > > Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: > Starting > Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to > abby.com is > spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 > 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST > 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, > RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from > 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, > SpamAssassin > (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, > URIBL_SBL > 1.00) > Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam > messages > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to > abby.com is > spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST > 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, > RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam > messages > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsD001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsA001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsC001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwoco031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwocn031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59CMh4H026742 actions are delete > > These end up driving the load on the machine to over 5.x and the > box starts > to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, > sophossavi and > clamavmodule. OS is RHEL 3U4. Any thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqhICxH2WUcUFbZUEQJemACdEcgAof7VsH8MEyxS5wb50J0ISMgAoKte YuugM3sBnGAhB7uKwWFa4ker =eME8 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Danny_Beland at PCH.GC.CA Thu Jun 9 14:48:59 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: We had the same problem and what we did it to disable phishing (seemed to help) and we set the lock type to posix instead of flock. Have a nice day!!! Danny Mike Kercher To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Mails Stuck in mqueue.in? 06/09/2005 09:30 AM Please respond to MailScanner mailing list I've been seeing this behavior on just one of my MS boxes. Periodically, the same emails get scanned over and over and over. They are always HS Spam and my HS Spam action is delete. For some reason they just never get removed from mqueue.in: Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], reject=550 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR2 3.50, HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: Starting Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, SpamAssassin (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam messages Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam messages Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsD001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsA001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsC001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwoco031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwocn031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59CMh4H026742 actions are delete These end up driving the load on the machine to over 5.x and the box starts to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, sophossavi and clamavmodule. OS is RHEL 3U4. Any thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 15:52:36 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: Julian Field <> scribbled on Thursday, June 09, 2005 8:46 AM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Run MailScanner on them in debug mode. You may find it is crashing > when it tries to remove them, and then gets re-spawned so scans them > again. > > On 9 Jun 2005, at 14:30, Mike Kercher wrote: > >> I've been seeing this behavior on just one of my MS boxes. >> Periodically, >> the same emails get scanned over and over and over. They are always >> HS Spam and my HS Spam action is delete. For some reason they just >> never get removed from mqueue.in: >> >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam >> messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: >> message >> j59Cwocq031622 actions are delete >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message >> j59CVtDm027874 actions are delete >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message >> j59D9tYw001212 actions are delete Next time it happens, I'll restart MS in debug and post the results here. Thanks Julian. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 9 16:17:41 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy said: > Peter Russell wrote: >> I have implmented the SQL bayes as per the wiki entry >> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >> (very easy to follow, thanks very much) > > Thank you, i hope to contribute further to the wiki. > Just to add my thanks too. I implimented SQL bayes and it works nicely, thanks. The only thing I would suggest Postfix users watch is the user that they upload the database as. I had an issue where Bayes was not used by Postfix due to insufficient samples. On investigation I had uploaded my db as another user. I su'ed to the Postfix user and re-loaded and lo, it works great. The other point to also consider is bayes expiry (Which I only considered when I had my 2 MS boxes both auto expiring (At different times) which really wasn't required :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 9 16:23:35 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall said: > Dhawal Doshy said: >> Peter Russell wrote: >>> I have implmented the SQL bayes as per the wiki entry >>> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >>> (very easy to follow, thanks very much) >> >> Thank you, i hope to contribute further to the wiki. >> > Just to add my thanks too. I implimented SQL bayes and it works nicely, > thanks. The only thing I would suggest Postfix users watch is the user > that they upload the database as. I had an issue where Bayes was not used > by Postfix due to insufficient samples. On investigation I had uploaded my > db as another user. I su'ed to the Postfix user and re-loaded and lo, it > works great. > > The other point to also consider is bayes expiry (Which I only considered > when I had my 2 MS boxes both auto expiring (At different times) which > really wasn't required :-) > > Drew And then I read the rest of the thread.... Now where did I put my 4x... -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/