From james_gray at ocs.com Tue Mar 1 01:11:59 2005 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:28:45 2006 Subject: [messed] up Perl? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 1 Mar 2005 06:43 am, michele wrote: > On Mon, 2005-02-28 at 20:39 +0100, Wietse Muizelaar wrote: > > Hi, > > > > I seem to have a fucked up perl system, and I'm not sure on how to fix > > this > > > > :) > > Before you get a slap from anyone else I would recommend you refer to > your Perl as "screwed up", "b0rk" or any variation you wish, however the > usage of expletives is generally frowned upon Plus expletives get caught by my spamassassin rules and dumped. I pulled this one out of quarantine. Expletives have no place in a professional forum. -- James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Mar 1 09:01:06 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:45 2006 Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA Message-ID: I've sent this problem to the mailinglist before but at the time no solution for the problem. I'm using the tarball of install-Clam-SA version to update SpamAssassin and some other modules. However, it seems that the check in the script is not working properly, it keeps reporting that the latest version is already installed when in fact it is not: Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. [root@lgw install-Clam-SA]# spamassassin --version SpamAssassin version 3.0.0 running on Perl version I suspect that the script may do this for other modules as well. I do not have 2 installations of perl in place, already checked that. Any idea where the problem is or how I can force the script to re-install everything? Thanks!! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 1 09:11:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: Does it do rar extraction by default???? Looking at the docs I'm not sure it does. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Peter Bonivart wrote: > >> Martin Hepworth wrote: >> >>> on newer clam versions I believe this is clamd.conf. Both the daemon and >>> non-daemon versions now use the same defaults file I believe. >> >> >> >> They renamed the file from clamav.conf to clamd.conf to lessen the >> confusion about what it configured. It only configures clamd, not >> clamscan. > > > So what configures clamscan? Just the MailScanner -wrapper script? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 09:24:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ClamAV can do it. So just use clamav or clamavmodule in your list of virus scanners. Martin Hepworth wrote: > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Peter Bonivart wrote: >> >>> Martin Hepworth wrote: >>> >>>> on newer clam versions I believe this is clamd.conf. Both the >>>> daemon and >>>> non-daemon versions now use the same defaults file I believe. >>> >>> >>> >>> >>> They renamed the file from clamav.conf to clamd.conf to lessen the >>> confusion about what it configured. It only configures clamd, not >>> clamscan. >> >> >> >> So what configures clamscan? Just the MailScanner -wrapper script? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Mar 1 09:30:38 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:45 2006 Subject: New virus?? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info From martinh at SOLID-STATE-LOGIC.COM Tue Mar 1 09:38:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: Julian no beta info on the downloads web page... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > ClamAV can do it. So just use clamav or clamavmodule in your list of > virus scanners. > > Martin Hepworth wrote: > >> Does it do rar extraction by default???? Looking at the docs I'm not >> sure it does. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> Peter Bonivart wrote: >>> >>>> Martin Hepworth wrote: >>>> >>>>> on newer clam versions I believe this is clamd.conf. Both the >>>>> daemon and >>>>> non-daemon versions now use the same defaults file I believe. >>>> >>>> >>>> >>>> >>>> >>>> They renamed the file from clamav.conf to clamd.conf to lessen the >>>> confusion about what it configured. It only configures clamd, not >>>> clamscan. >>> >>> >>> >>> >>> So what configures clamscan? Just the MailScanner -wrapper script? >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 09:43:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:45 2006 Subject: ANNOUNCE: MailScanner stable release 4.39.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable version, 4.39.5. This release contains some more configuration options for users of the 'clamavmodule' virus scanner, and some more improvements to the phishing net. It also contains a 'starter list' of sites to stop false alarms from the phishing net. There are also quite a few bug-fixes. You can download it as usual from www.mailscanner.info. The full Change Log is: * New Features and Improvements * - If the AttachmentWarning message put into a message is empty (zero-length) then the empty attachment won't be added to the message at all. - Added scanning of PE's by default to clamavmodule scanner. - Added feature when IP address in a ruleset has all 4 numbers, so that a full string match is done against the client IP, not a substring match. - Added support for output from latest F-Prot and archive bomb detection. - Set all virus scanners to SUPPORTED so no tweaking needed by users. - Added 4 new configuration options for setting all ClamAV settings when using the "clamavmodule" scanner: ClamAVmodule Maximum Recursion Level ClamAVmodule Maximum Files ClamAVmodule Maximum File Size ClamAVmodule Maximum Compression Ratio - Phishing net now traps website names containing unicode characters. * Fixes * - Corrected problem with tags that have no text contents and no . - 2 minor typos in the Swedish reports. - Changed check_MailScanner to check_mailscanner in cron job. - Fixed problem where files with no extension, inside a zip file, were extracted with ".dat" added onto the end of them. - Fixed problem with phishing net being confused by some malformed URLs. - Syslog calls are forced to 8-bit characters. - Fixed problems with nested input queues not being used consistently. - Custom Function reader no longer includes Debian dpkg files it should ignore. - Fixed problems with messages being rebuilt just because they contain or . - Fixed problems with some messages with sendmail nested input queue but flat output queue. - Fixed problem where an infected spam message containing a broken zip file could break MailScanner when delivered as an RFC-822 attachment to a new message. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 09:03:46 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had the same problem. For me it only worked when I removed my spamassassin instalation and then installed again using the tarball version. ----- Original Message ----- From: "Remco Barendse" To: Sent: Tuesday, March 01, 2005 6:01 AM Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA > I've sent this problem to the mailinglist before but at the time no > solution for the problem. > > I'm using the tarball of install-Clam-SA version to update SpamAssassin > and some other modules. > > However, it seems that the check in the script is not working properly, it > keeps reporting that the latest version is already installed when in fact > it is not: > > Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. > > [root@lgw install-Clam-SA]# spamassassin --version > SpamAssassin version 3.0.0 > running on Perl version > > > I suspect that the script may do this for other modules as well. I do not > have 2 installations of perl in place, already checked that. > > Any idea where the problem is or how I can force the script to re-install > everything? > > Thanks!! > Remco > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 09:05:03 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patrik.runald at F-SECURE.COM Tue Mar 1 09:55:47 2005 From: patrik.runald at F-SECURE.COM (Runald, Patrik) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Hi. This is one of the three new Bagle variants found this morning. All three have been seeded this morning. Regards, Patrik > I have just started to receive the following warnings. It appears that only Bitdefender > currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). > > Anyone else seeing it?? > > The following e-mails were found to have: Bad Filename Detected : Virus Detected > Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 > Recipient: belfast@boys-brigade.org.uk > Subject: > MessageID: j215N9QK011410 > Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip > Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe > MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) > No programs allowed (prs_03.exe) > Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe > MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) > No programs allowed (prs_03.exe) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Tue Mar 1 10:13:07 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? {Virus Scanned} Message-ID: AVP detects it as MessageID: j216HARt001752 Report: [newprice.zip] prs_03.exe: Infected: Email-Worm.Win32.Bagle.bd [AVP] This avp is part of the F-Secure Suite.   From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 11:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? {Virus Scanned} I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: mailto:David.While@UCE.AC.UK David While To: mailto:MAILSCANNER@JISCMAIL.AC.UK MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir).   Anyone else seeing it??   The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: mailto:xxxx@xxxxxxxxxxIP xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: mailto:belfast@boys-brigade.org.uk belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe)   -- MailScanner Email Virus Scanner www.mailscanner.info www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ ( http://www.mailscanner.biz/maq/ http://www.mailscanner.biz/maq/ ) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Mar 1 11:21:10 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 10:41:04 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thats true... There is no free update for the free version... See the Panda's answer to a message I send them: Right now, Panda Freeware is not entitled to updates for being a freeware version. As the fact that our freeware users are not able to update the virus signature file is also a big concern for us, we requested some time ago a change in this process that would allow you to work with an actualised antivirus. Thanks for your interest in our products and sending us your comments. ----- Original Message ----- From: "Paul Welsh" To: Sent: Monday, February 28, 2005 8:42 PM Subject: Re: Best value anti-virus programs > I may have another candidate for best value anti-virus program, Panda > Antivirus for Linux, which is being given away for free - see > http://www.pandasoftware.com/download/linux/linux.asp. > > Problem is, I can find nothing on Panda's web site to explain how one > obtains updated virus signature files without paying for a subscription. I > guess the thing to do is to purchase their PC product Panda Titanium > Antivirus 2005 for £24 from Amazon and that way you'll get a username and > password in order to download updates for a year. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Mar 1 11:39:17 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Oops, jotti.org identified it as Bagle.bl too. Must learn to read... Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: 01 March 2005 11:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 12:33:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Did more or less the same and got an extra.dat from McAfee that identifies at least two (different) types as "W32/Bagle.dldr (ED) virus", while still missing the third variant we've gotten (so far). Of course submitted that one too. Boy am I glad for BitDefender today... Got the first ones "heuristically" as "BehavesLike:Win32.SiteHijack" and (after a virus update either Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... And these would have gotten through (well, most at least, since Clam would have gotten the "Trojan.Bagle.BE" as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: den 1 mars 2005 12:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patrik.runald at F-SECURE.COM Tue Mar 1 12:53:34 2005 From: patrik.runald at F-SECURE.COM (Runald, Patrik) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: It's been a busy morning. All in all we've found five new variants of Bagle two of which could be considered trojans and not e-mail worms as they don't actively spread via e-mail. Some AV vendors might detect some of them using the same name for two or more variants. Regards, Patrik --- Patrik Runald, Technical Manager F-Secure UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn Sent: Tuesday, March 01, 2005 12:34 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? Did more or less the same and got an extra.dat from McAfee that identifies at least two (different) types as "W32/Bagle.dldr (ED) virus", while still missing the third variant we've gotten (so far). Of course submitted that one too. Boy am I glad for BitDefender today... Got the first ones "heuristically" as "BehavesLike:Win32.SiteHijack" and (after a virus update either Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... And these would have gotten through (well, most at least, since Clam would have gotten the "Trojan.Bagle.BE" as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: den 1 mars 2005 12:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 12:55:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm, well... I for one got a bit miffed by that "strategic sales maneuver" by Panda. Since AV is never better than its updates, calling it free without giving away the updates is just plain ...unprintable... BTW, I saw your question to BD on their user list, and their answer. AFAICS that clears any questions about the state of the updates for BD (I'm not including it here... If you'd like to do so Paul, please do at your discretion). ... It further makes plain their "sales pitch" for their "BD for " products, which are MailScanner "workalikes" AFAICS. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 1 mars 2005 00:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Best value anti-virus programs > > > I may have another candidate for best value anti-virus program, Panda > Antivirus for Linux, which is being given away for free - see > http://www.pandasoftware.com/download/linux/linux.asp. > > Problem is, I can find nothing on Panda's web site to explain how one > obtains updated virus signature files without paying for a > subscription. I > guess the thing to do is to purchase their PC product Panda Titanium > Antivirus 2005 for £24 from Amazon and that way you'll get a > username and > password in order to download updates for a year. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 13:05:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Thats true... There is no free update for the free version... > See the Panda's answer to a message I send them: > > Right now, Panda Freeware is not entitled to updates for > being a freeware version. > As the fact that our freeware users are not able to update > the virus signature file is also a big concern for us, we > requested some time ago a change in this process that would > allow you to work with an actualised antivirus. > Thanks for your interest in our products and sending us your comments. > > > ----- Original Message ----- > From: "Paul Welsh" > To: > Sent: Monday, February 28, 2005 8:42 PM > Subject: Re: Best value anti-virus programs > > >> I may have another candidate for best value anti-virus program, Panda >> Antivirus for Linux, which is being given away for free - see >> http://www.pandasoftware.com/download/linux/linux.asp. >> >> Problem is, I can find nothing on Panda's web site to explain how one >> obtains updated virus signature files without paying for a > subscription. > I >> guess the thing to do is to purchase their PC product Panda Titanium >> Antivirus 2005 for £24 from Amazon and that way you'll get a >> username and password in order to download updates for a year. >> I went down the paid route with them about 18 months ago. It was painful. It made me cry. You try to contact them and you get back a response which bears no relation to your query. One might try to argue that it was a language issue, but considering that I tried dealing with them in 3 different countries I finally concluded that they were simply "stupid". I asked for information on accessing the updates etc., which I had paid for. They refunded my credit card. Mad! Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 13:16:18 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bitdefender on FreeBSD didnt detect any of them, BD on rhel4 detected loads :( ANyone using Bitdefender on Freebsdd wanna give me any off list tips? Runald, Patrik wrote: > It's been a busy morning. All in all we've found five new variants of > Bagle two of which could be > considered trojans and not e-mail worms as they don't actively spread > via e-mail. Some AV vendors > might detect some of them using the same name for two or more variants. > > Regards, > Patrik > > --- > Patrik Runald, > Technical Manager > F-Secure UK > > > ------------------------------------------------------------------------ > *From:* MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > *On Behalf Of *Steen, Glenn > *Sent:* Tuesday, March 01, 2005 12:34 PM > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > Did more or less the same and got an extra.dat from McAfee that > identifies at > least two (different) types as "W32/Bagle.dldr (ED) virus", while > still missing the > third variant we've gotten (so far). Of course submitted that one too. > > Boy am I glad for BitDefender today... Got the first ones > "heuristically" as > "BehavesLike:Win32.SiteHijack" and (after a virus update either > Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... > And these would have gotten > through (well, most at least, since Clam would have gotten the > "Trojan.Bagle.BE" > as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. > > -- Glenn > > -----Original Message----- > *From:* MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] *On Behalf Of *Randal, Phil > *Sent:* den 1 mars 2005 12:21 > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > We've received a couple of dozen since around 01:30 GMT. > > I've submitted a sample to virustotal.com, jotti.org, clamav.net > and McAfee's webimmune.net. > > virustotal.com identifies it as W32.Bagle.bg (Kapersky), > W32/Bagle.bl (F-Prot). > > virusscan.jotti.org calls it various things - > Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). > > webimmune.net detected it heuristically as a Bagle variant, but > McAfee's latest daily test DATs didn't pick it up. > > Well done Bitdefender. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > ------------------------------------------------------------------------ > *From:* MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] *On Behalf Of *Roger Jochem > *Sent:* 01 March 2005 09:05 > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > I'm receiving lots of this warnings too, only from > bitdefender... > > ----- Original Message ----- > *From:* David While > *To:* MAILSCANNER@JISCMAIL.AC.UK > > *Sent:* Tuesday, March 01, 2005 6:30 AM > *Subject:* New virus?? > > I have just started to receive the following warnings. > It appears that only Bitdefender currently spots this > virus (I run Bitdefender, ClamAV, F-Prot and Antivir). > > Anyone else seeing it?? > > > The following e-mails were found to have: Bad Filename > Detected : Virus Detected > > Sender: xxxx@xxxxxxxxxxIP > Address: 65.116.165.251 > > Recipient: belfast@boys-brigade.org.uk > > > Subject: > > MessageID: j215N9QK011410 > > Report: Bitdefender: Found virus > BehavesLike:Win32.SiteHijack in file price_new.zip > > Bitdefender: Found virus BehavesLike:Win32.SiteHijack in > file prs_03.exe > > MailScanner: Executable DOS/Windows programs are > dangerous in email (prs_03.exe) > > No programs allowed (prs_03.exe) > > Report: Bitdefender: Found virus > BehavesLike:Win32.SiteHijack in file prs_03.exe > > MailScanner: Executable DOS/Windows programs are > dangerous in email (prs_03.exe) > > No programs allowed (prs_03.exe) > > > > -- > > MailScanner > > Email Virus Scanner > > _www.mailscanner.info_ > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the > website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 13:16:31 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: It's been a while since I've been on the list, and probably time I update my mailscanner installation, but it's been running pretty well for quite some time. Lately I've had some DNS problems, where my DNS server, bind 9, stops resolving correctly. Restarting the service seems to resolve it for an undetermined amount of time before it happens again. In troubleshooting this I found that I am getting tons of these entires in the messages log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' I've googled and searched mailscanner's archive but so far haven't found a resolution. I commented these out of spam.lists.conf and reloaded MailScanner but that didn't seem to be causing it. #RFC-IGNORANT-DSN dsn.rfc-ignorant.org. #RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. #RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. #RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. #RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. Can anyone tell me how to properly stop these messages? I've seen a way to ignore them, but I'd rather stop them from happening in the first place. Any help is appreciated. James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 13:43:51 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have bitdefender installed in Freebsd and it appears to work ok if you for 'bdc' in the shell. But none of the wrapper scripts work. I have downloaded latest tar of MS and extract the wrapper and i get the same result when run from the shell. And BD doesnt appear to work from within MailLScanner either. running bitdefender-wrapper or running /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc produces the same results. -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc cat: /tmp/log.bdc.3202: No such file or directory rm: /tmp/log.bdc.3202: No such file or directory Running the clam av command from virus.scanners seems to work perfectly. /usr/local/libexec/MailScanner/clamav-wrapper /usr/local Any ideas what i need to do get this working? Thanks in advance Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 14:11:55 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: > Hello, > >> this I found that I am getting tons of these entires in the messages >> log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > > ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: > http://lists.megacity.org/pipermail/rfci-discuss/2004-October/ > 003094.html > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score > RCVD_IN_RFCI 0.0 > You need to define it first or it will break :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Mar 1 15:51:59 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:46 2006 Subject: Reports not attached after upgrade to 4.39.5 Message-ID: Hi guys, I've just upgraded from 4.38.9 to 4.39.5. As part of my testing I sent myself an EICAR and noted that I didn't get the normal attachment with the "we found blah virus" and "quarantined it here" and what have you. I didn't have this problem with 4.38.9 so I'm guessing I've missed a step or made a stupid mistake. I've run upgrade_MailScanner_conf, copied my rules and reports directories and run upgrade_languages_conf (in that order!). Any help appreciated. Stef Stefan Morrell | Operations Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 14:18:46 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: On Tue, 2005-03-01 at 09:11, Michele Neylon :: Blacknight Solutions wrote: > > Hello, > > > >> this I found that I am getting tons of these entires in the messages > >> log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > > > > ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: > > http://lists.megacity.org/pipermail/rfci-discuss/2004-October/ > > 003094.html > > > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score > > RCVD_IN_RFCI 0.0 > > > You need to define it first or it will break :) > What do you mean define it first? Thanks, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 14:19:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: Try /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . .... And (looking at SweepViruses.pm) perhaps /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc --arc --mail --all . ... Still no go? -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell > Sent: den 1 mars 2005 14:44 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: bitdefender FreeBSD > > > I have bitdefender installed in Freebsd and it appears to > work ok if you > for 'bdc' in the shell. But none of the wrapper scripts work. I have > downloaded latest tar of MS and extract the wrapper and i get the same > result when run from the shell. And BD doesnt appear to work > from within > MailLScanner either. > > running bitdefender-wrapper > or running > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > produces the same results. > > -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > cat: /tmp/log.bdc.3202: No such file or directory > rm: /tmp/log.bdc.3202: No such file or directory > > Running the clam av command from virus.scanners seems to work > perfectly. > > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local > > > Any ideas what i need to do get this working? > > Thanks in advance > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Tue Mar 1 14:26:06 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Update /usr/local/etc/MailScanner/virus.scanners/conf. For bitdefender set the WorkingDir to /usr/local/bdc instead of /opt/bdc. This is assuming you are using the 'beta' port of bdc for FreeBSD, which is installed in /usr/local/bdc. Adri. > -----Original Message----- > From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] > Sent: 01 March, 2005 15:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bitdefender FreeBSD > > > Try > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . > > .... And (looking at SweepViruses.pm) perhaps > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > --arc --mail > --all . > > ... Still no go? > > -- Glenn > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell > > Sent: den 1 mars 2005 14:44 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: bitdefender FreeBSD > > > > > > I have bitdefender installed in Freebsd and it appears to > > work ok if you > > for 'bdc' in the shell. But none of the wrapper scripts work. I have > > downloaded latest tar of MS and extract the wrapper and i > get the same > > result when run from the shell. And BD doesnt appear to work > > from within > > MailLScanner either. > > > > running bitdefender-wrapper > > or running > > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > > produces the same results. > > > > -su-2.05b# > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > > cat: /tmp/log.bdc.3202: No such file or directory > > rm: /tmp/log.bdc.3202: No such file or directory > > > > Running the clam av command from virus.scanners seems to work > > perfectly. > > > > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local > > > > > > Any ideas what i need to do get this working? > > > > Thanks in advance > > Pete > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 13:24:02 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Virus notifications Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, all! I found my problem with the top viruses not being shown in MailWatch for Mailscanner. If I disable virus notifications for the administrator, or put a rule ignoring virus like Bagle, Klez, and others, this viruses are not shown as top virus in MailWatch. And if I disable my MailScanner rule, I receive toons of useless messages in my mailbox. In my rule I was sending myself only viruses found from and inside sender, and unusual viruses, not the common one (klez, bagle, and others). Is there some way MailWatch still records all viruses for statistics purpose, and MailScanner send me a warning only for the virus I defined in the notices.rules? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 16:45:45 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: >>> RCVD_IN_RFCI 0.0 >>> >> You need to define it first or it will break :) >> > > What do you mean define it first? > If you want to refer to a DNS check in spam.assassin.prefs.conf it needs to be defined in spam.lists.conf otherwise linting the rules will fail :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From piper at HRZ.UNI-MARBURG.DE Tue Mar 1 14:33:55 2005 From: piper at HRZ.UNI-MARBURG.DE (Andreas Piper) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: > > score RCVD_IN_RFCI 0.0 > > You need to define it first or it will break :) sorry, as it seems to be used, I did assume it to be defined. It should be found in the SpamAssassin rules files, for my system (Debian with SA 2.64) e.g. RCVD_IN_RFCI is defined at /usr/share/spamassassin/20_dnsbl_tests.cf I reckon it's not anymore there in SA 3, so another solution would be to upgrade MS / SA ? Regards, Andreas Piper -- ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 17:20:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>>>RCVD_IN_RFCI 0.0 >>>> >>>> >>>> >>>You need to define it first or it will break :) >>> >>> >>> >>What do you mean define it first? >> >> >> >If you want to refer to a DNS check in spam.assassin.prefs.conf it needs to >be defined in spam.lists.conf otherwise linting the rules will fail :) > > No it doesn't. The DNS checks done by SpamAssassin are totally independent of spam.lists.conf. In SpamAssassin 3 this rule has been renamed and you now need # JKF 01/03/2005 - rfcignorant list is dead score RCVD_IN_RFC_IPWHOIS 0 in spam.assassin.prefs.conf. You will need to restart MailScanner after making this change. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 15:03:17 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: On Tue, 2005-03-01 at 09:33, Andreas Piper wrote: > > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: > > > score RCVD_IN_RFCI 0.0 > > > > You need to define it first or it will break :) > > sorry, > as it seems to be used, I did assume it to be defined. > > It should be found in the SpamAssassin rules files, for my system (Debian with > SA 2.64) e.g. RCVD_IN_RFCI is defined > at /usr/share/spamassassin/20_dnsbl_tests.cf > Looks like it's in there for me already. Everything seems to be working ok after make the change in the conf too. Thanks for the help. James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue Mar 1 13:54:58 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of James Pifer > >Lately I've had some DNS problems, where my DNS server, bind 9, stops >resolving correctly. Restarting the service seems to resolve it for an >undetermined amount of time before it happens again. In troubleshooting >this I found that I am getting tons of these entires in the messages >log: >lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > >Can anyone tell me how to properly stop these messages? I've seen a way >to ignore them, but I'd rather stop them from happening in the first >place. > >Any help is appreciated. Put this in your named.conf: logging { category lame-servers { null; }; }; (see Bv9ARM.ch06.html in your bind/doc/arm dir) >James Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From piper at HRZ.UNI-MARBURG.DE Tue Mar 1 13:54:59 2005 From: piper at HRZ.UNI-MARBURG.DE (Andreas Piper) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, > this I found that I am getting tons of these entires in the messages > log: > lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: http://lists.megacity.org/pipermail/rfci-discuss/2004-October/003094.html To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score RCVD_IN_RFCI 0.0 Regards, Andreas Piper ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 17:43:16 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all! Analysing my MailWatch for MailScanner reports, I found a graphic that shows the Top 10 Mail Relays. Should this graphic show other servers than my own? In my case the graphic is showing some other servers, one of them, the smtp.jiscmail.ac.uk server. Is that correct? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Tue Mar 1 17:54:54 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: >Hello all! > >Analysing my MailWatch for MailScanner reports, I found a graphic that shows >the Top 10 Mail Relays. Should this graphic show other servers than my own? >In my case the graphic is showing some other servers, one of them, the >smtp.jiscmail.ac.uk server. Is that correct? > >Regards > >Roger Jochem > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > Considering that all of the user group mail for mailscanner comes from that destination. Yes it will show that.. but yes mine shows me my mail svr, and all of my backup and a few others. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Mar 1 18:36:20 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You also need to update the /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to update. Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || "/usr/local/bdc". Cheers Raylund ----- Original Message ----- From: "Adri Koppes" To: Sent: Tuesday, March 01, 2005 9:26 AM Subject: Re: bitdefender FreeBSD > Update /usr/local/etc/MailScanner/virus.scanners/conf. > For bitdefender set the WorkingDir to /usr/local/bdc instead of /opt/bdc. > This is assuming you are using the 'beta' port of bdc for FreeBSD, which > is > installed in /usr/local/bdc. > > Adri. > > >> -----Original Message----- >> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >> Sent: 01 March, 2005 15:20 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: bitdefender FreeBSD >> >> >> Try >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >> >> .... And (looking at SweepViruses.pm) perhaps >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> --arc --mail >> --all . >> >> ... Still no go? >> >> -- Glenn >> >> > -----Original Message----- >> > From: MailScanner mailing list >> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >> > Sent: den 1 mars 2005 14:44 >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: bitdefender FreeBSD >> > >> > >> > I have bitdefender installed in Freebsd and it appears to >> > work ok if you >> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >> > downloaded latest tar of MS and extract the wrapper and i >> get the same >> > result when run from the shell. And BD doesnt appear to work >> > from within >> > MailLScanner either. >> > >> > running bitdefender-wrapper >> > or running >> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> > produces the same results. >> > >> > -su-2.05b# >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> > cat: /tmp/log.bdc.3202: No such file or directory >> > rm: /tmp/log.bdc.3202: No such file or directory >> > >> > Running the clam av command from virus.scanners seems to work >> > perfectly. >> > >> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >> > >> > >> > Any ideas what i need to do get this working? >> > >> > Thanks in advance >> > Pete >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 18:45:39 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the reply! ----- Original Message ----- From: "Christopher J Ford" To: Sent: Tuesday, March 01, 2005 2:54 PM Subject: Re: Mail Relays > Roger Jochem wrote: > > >Hello all! > > > >Analysing my MailWatch for MailScanner reports, I found a graphic that shows > >the Top 10 Mail Relays. Should this graphic show other servers than my own? > >In my case the graphic is showing some other servers, one of them, the > >smtp.jiscmail.ac.uk server. Is that correct? > > > >Regards > > > >Roger Jochem > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > Considering that all of the user group mail for mailscanner comes from > that destination. Yes it will show that.. but yes mine shows me my mail > svr, and all of my backup and a few others. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 19:03:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You don't need to do this. The spec for the -autoupdate scripts is that they should be called with the installation directory as a parameter on the command-line. This is done for you so long as you use the update_virus_scanners script. Raylund Lai wrote: > You also need to update the > /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to > update. > Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || > "/usr/local/bdc". > > Cheers > Raylund > ----- Original Message ----- > From: "Adri Koppes" > To: > Sent: Tuesday, March 01, 2005 9:26 AM > Subject: Re: bitdefender FreeBSD > > >> Update /usr/local/etc/MailScanner/virus.scanners/conf. >> For bitdefender set the WorkingDir to /usr/local/bdc instead of >> /opt/bdc. >> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >> is >> installed in /usr/local/bdc. >> >> Adri. >> >> >>> -----Original Message----- >>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>> Sent: 01 March, 2005 15:20 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: bitdefender FreeBSD >>> >>> >>> Try >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>> >>> .... And (looking at SweepViruses.pm) perhaps >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> --arc --mail >>> --all . >>> >>> ... Still no go? >>> >>> -- Glenn >>> >>> > -----Original Message----- >>> > From: MailScanner mailing list >>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>> > Sent: den 1 mars 2005 14:44 >>> > To: MAILSCANNER@JISCMAIL.AC.UK >>> > Subject: bitdefender FreeBSD >>> > >>> > >>> > I have bitdefender installed in Freebsd and it appears to >>> > work ok if you >>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>> > downloaded latest tar of MS and extract the wrapper and i >>> get the same >>> > result when run from the shell. And BD doesnt appear to work >>> > from within >>> > MailLScanner either. >>> > >>> > running bitdefender-wrapper >>> > or running >>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> > produces the same results. >>> > >>> > -su-2.05b# >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> > cat: /tmp/log.bdc.3202: No such file or directory >>> > rm: /tmp/log.bdc.3202: No such file or directory >>> > >>> > Running the clam av command from virus.scanners seems to work >>> > perfectly. >>> > >>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>> > >>> > >>> > Any ideas what i need to do get this working? >>> > >>> > Thanks in advance >>> > Pete >>> > >>> > ------------------------ MailScanner list ------------------------ >>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> > 'leave mailscanner' in the body of the email. >>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at MINTRA.COM Tue Mar 1 20:44:22 2005 From: john at MINTRA.COM (John Adams) Date: Thu Jan 12 21:28:46 2006 Subject: Mail vanishes after hitting first MTA Message-ID: Users have complained that incoming mail is going missing with no bounce back. We checked our DNS and all the other issues (there is a secondary mx mail server but users fetch mail from this so it is not disappearing there) The emails are received by the server, we know this because a DotFoward file has been created for a user and the mails are getting forwarded correctly, to his blackberry. The dot foward is in the correct format with the leading fowardslash which makes a copy to the local user then fowards on to another account. Since most emails are correctly working as expected, showing both in the local user's mbox as well as in the forwarded account. We suspect there is somthing unique about the missing emails. looking in the mail log we noticed there are errors that include the domains from the missing emails. such as a lost mail from example.com machine foo[18123]: j1L42COt018123: lost input channel from xyz.example.com [123.123.123.123] to Daemon0 after rcpt As this is not even showing up in the mailwatch interface, we cannot figure out why it is not being delivered correctly. The best example being an mail (an enquiry for a large contact) which was cc to his workmate. did not come through to his mail box or to the workmate but was forwarded to the blackberry. Help please I don't want to see these people moving to MS exchange John ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 20:56:19 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] None of those changed the output at all. :( Steen, Glenn wrote: > Try > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . > > .... And (looking at SweepViruses.pm) perhaps > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc --arc --mail > --all . > > ... Still no go? > > -- Glenn > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>Sent: den 1 mars 2005 14:44 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: bitdefender FreeBSD >> >> >>I have bitdefender installed in Freebsd and it appears to >>work ok if you >>for 'bdc' in the shell. But none of the wrapper scripts work. I have >>downloaded latest tar of MS and extract the wrapper and i get the same >>result when run from the shell. And BD doesnt appear to work >>from within >>MailLScanner either. >> >>running bitdefender-wrapper >>or running >>/usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>produces the same results. >> >>-su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>cat: /tmp/log.bdc.3202: No such file or directory >>rm: /tmp/log.bdc.3202: No such file or directory >> >>Running the clam av command from virus.scanners seems to work >>perfectly. >> >>/usr/local/libexec/MailScanner/clamav-wrapper /usr/local >> >> >>Any ideas what i need to do get this working? >> >>Thanks in advance >>Pete >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:02:22 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have downloaded the latest tar package and temporarily moved in the new scripts for virus.scanner.conf, bitdefender-wrapper and still not working. I already had tried to add the line for the path to bitdefender, this didnt help either. This works fine from the command line - but in the wrapper is dont work at all :( bdc /opt/bdc Julian Field wrote: > You don't need to do this. The spec for the -autoupdate scripts is that > they should be called with the installation directory as a parameter on > the command-line. This is done for you so long as you use the > update_virus_scanners script. > > Raylund Lai wrote: > >> You also need to update the >> /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to >> update. >> Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || >> "/usr/local/bdc". >> >> Cheers >> Raylund >> ----- Original Message ----- >> From: "Adri Koppes" >> To: >> Sent: Tuesday, March 01, 2005 9:26 AM >> Subject: Re: bitdefender FreeBSD >> >> >>> Update /usr/local/etc/MailScanner/virus.scanners/conf. >>> For bitdefender set the WorkingDir to /usr/local/bdc instead of >>> /opt/bdc. >>> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >>> is >>> installed in /usr/local/bdc. >>> >>> Adri. >>> >>> >>>> -----Original Message----- >>>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>>> Sent: 01 March, 2005 15:20 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: bitdefender FreeBSD >>>> >>>> >>>> Try >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>>> >>>> .... And (looking at SweepViruses.pm) perhaps >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> --arc --mail >>>> --all . >>>> >>>> ... Still no go? >>>> >>>> -- Glenn >>>> >>>> > -----Original Message----- >>>> > From: MailScanner mailing list >>>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>>> > Sent: den 1 mars 2005 14:44 >>>> > To: MAILSCANNER@JISCMAIL.AC.UK >>>> > Subject: bitdefender FreeBSD >>>> > >>>> > >>>> > I have bitdefender installed in Freebsd and it appears to >>>> > work ok if you >>>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>>> > downloaded latest tar of MS and extract the wrapper and i >>>> get the same >>>> > result when run from the shell. And BD doesnt appear to work >>>> > from within >>>> > MailLScanner either. >>>> > >>>> > running bitdefender-wrapper >>>> > or running >>>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > produces the same results. >>>> > >>>> > -su-2.05b# >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > cat: /tmp/log.bdc.3202: No such file or directory >>>> > rm: /tmp/log.bdc.3202: No such file or directory >>>> > >>>> > Running the clam av command from virus.scanners seems to work >>>> > perfectly. >>>> > >>>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>>> > >>>> > >>>> > Any ideas what i need to do get this working? >>>> > >>>> > Thanks in advance >>>> > Pete >>>> > >>>> > ------------------------ MailScanner list ------------------------ >>>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> > 'leave mailscanner' in the body of the email. >>>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:03:47 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: Sa-learn tricks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Using sa-learn for this is well documented in the mailling list archives and the faq on www.mailscanner.info Good luck Pete Sanjay K. Patel wrote: > Although this is a bit of topic I was hoping someone here might have a > answer. I want to send spam not caught by mailscanner back to the server for > sa-learn to learn the spam. The question is "does sa-learn learn the content > of the spam or the headers also?". My concern is that all the headers will > have my info since I am forwarding it and I don't want sa-learn to think I > am a spammer. > > Also has anyone noticed that the Outlook junk filter catch's almost all the > spam that makes it through. I think it uses keywords which is pretty weak > but makes it easier for me to set a rule that forwards anything that hits > that folder to go back to the server. > > SKP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Mar 1 21:05:06 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:46 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. Clam does RAR v2 internally. The Clam wrapper is prepared for using an external unpacker as well, you just have to check the path and uncomment it. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:16:13 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, is there a small chance that there is something wrong with the wrapper? I do #bdc --log=/tmp/log.$$ /opt/bdc; cat /tmp/log.$$ and it works fine. Which bdc returns /usr/bin/bdc Julian Field wrote: > You don't need to do this. The spec for the -autoupdate scripts is that > they should be called with the installation directory as a parameter on > the command-line. This is done for you so long as you use the > update_virus_scanners script. > > Raylund Lai wrote: > >> You also need to update the >> /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to >> update. >> Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || >> "/usr/local/bdc". >> >> Cheers >> Raylund >> ----- Original Message ----- >> From: "Adri Koppes" >> To: >> Sent: Tuesday, March 01, 2005 9:26 AM >> Subject: Re: bitdefender FreeBSD >> >> >>> Update /usr/local/etc/MailScanner/virus.scanners/conf. >>> For bitdefender set the WorkingDir to /usr/local/bdc instead of >>> /opt/bdc. >>> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >>> is >>> installed in /usr/local/bdc. >>> >>> Adri. >>> >>> >>>> -----Original Message----- >>>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>>> Sent: 01 March, 2005 15:20 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: bitdefender FreeBSD >>>> >>>> >>>> Try >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>>> >>>> .... And (looking at SweepViruses.pm) perhaps >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> --arc --mail >>>> --all . >>>> >>>> ... Still no go? >>>> >>>> -- Glenn >>>> >>>> > -----Original Message----- >>>> > From: MailScanner mailing list >>>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>>> > Sent: den 1 mars 2005 14:44 >>>> > To: MAILSCANNER@JISCMAIL.AC.UK >>>> > Subject: bitdefender FreeBSD >>>> > >>>> > >>>> > I have bitdefender installed in Freebsd and it appears to >>>> > work ok if you >>>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>>> > downloaded latest tar of MS and extract the wrapper and i >>>> get the same >>>> > result when run from the shell. And BD doesnt appear to work >>>> > from within >>>> > MailLScanner either. >>>> > >>>> > running bitdefender-wrapper >>>> > or running >>>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > produces the same results. >>>> > >>>> > -su-2.05b# >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > cat: /tmp/log.bdc.3202: No such file or directory >>>> > rm: /tmp/log.bdc.3202: No such file or directory >>>> > >>>> > Running the clam av command from virus.scanners seems to work >>>> > perfectly. >>>> > >>>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>>> > >>>> > >>>> > Any ideas what i need to do get this working? >>>> > >>>> > Thanks in advance >>>> > Pete >>>> > >>>> > ------------------------ MailScanner list ------------------------ >>>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> > 'leave mailscanner' in the body of the email. >>>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 21:29:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: Mail vanishes after hitting first MTA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This sounds like it is a problem with your MTA. MailScanner doesn't get involved in SMTP service or mail delivery at all. However, is the .forward file forwarding mail to a MailScanner server, or has the mail gone through MailScanner by the time it gets there? John Adams wrote: >Users have complained that incoming mail is going missing with no bounce >back. > >We checked our DNS and all the other issues (there is a secondary mx mail >server but users fetch mail from this so it is not disappearing there) > >The emails are received by the server, we know this because >a DotFoward file has been created for a user and the mails are getting >forwarded correctly, to his blackberry. > >The dot foward is in the correct format with the leading fowardslash >which makes a copy to the local user then fowards on to another account. > >Since most emails are correctly working as expected, showing both in the >local user's mbox as well as in the forwarded account. We suspect there >is >somthing unique about the missing emails. > >looking in the mail log we noticed there are errors that include the >domains from the missing emails. such as a lost mail from example.com > >machine foo[18123]: j1L42COt018123: lost input channel from >xyz.example.com >[123.123.123.123] to Daemon0 after rcpt > >As this is not even showing up in the mailwatch interface, we cannot >figure >out why it is not being delivered correctly. > >The best example being an mail (an enquiry for a large contact) which was >cc >to his workmate. did not come through to his mail box or to the workmate >but >was forwarded to the blackberry. > >Help please I don't want to see these people moving to MS exchange > >John > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jdavis at CS.ARIZONA.EDU Tue Mar 1 21:39:56 2005 From: jdavis at CS.ARIZONA.EDU (Jim Davis) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Works like a champ here: ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] user 62 vol0 - 12191640 36700160 372177 - 62 user 201 vol0 - 11116156 15728640 351243 - 201 user 302 vol0 - 12004712 15728640 138326 - 302 user 120 vol0 - 1152712 1433600 21719 - 120 user * vol0 - 0 10485760 0 - * user 0 vol0 - 1618396 - 28904 - user 28 vol0 - 1899520 10485760 51438 - user 100 vol0 - 10287992 10485760 277366 - user 18 vol0 - 765192 10485760 18082 - user 103 vol0 - 8879732 10485760 38968 - user 150 vol0 - 2866020 10485760 122742 - user 298 vol0 - 831288 10485760 63949 - user 105 vol0 - 2983680 10485760 163715 - user 1858 vol0 - 118980 10485760 3254 - user 17 vol0 - 929388 10485760 46820 - user 265 vol0 - 1161868 10485760 55097 - user 278 vol0 - 1336408 10485760 23841 - user 245 vol0 - 257540 10485760 18248 - user 603 vol0 - 1492840 10485760 193337 - user 114 vol0 - 398720 10485760 12935 - user 14 vol0 - 1497856 10485760 54897 - user 41 vol0 - 1642852 10485760 28679 - user 128 vol0 - 4319712 10485760 63666 - user 235 vol0 - 150800 10485760 5860 - user 258 vol0 - 10219884 10485760 63858 - user 2154 vol0 - 374332 10485760 20848 - user 638 vol0 - 231708 10485760 23350 - user 57 vol0 - 1519604 10485760 24742 - user 240 vol0 - 70836 10485760 2038 - user 304 vol0 - 690348 10485760 18679 - user 222 vol0 - 3543520 10485760 98208 - user 233 vol0 - 18984 10485760 2217 - user 285 vol0 - 444804 10485760 9536 - user 104 vol0 - 8189696 10485760 67186 - user 155 vol0 - 291464 10485760 967 - user 63 vol0 - 556304 10485760 6410 - user 108 vol0 - 1733828 10485760 36350 - user 241 vol0 - 212172 10485760 34868 - user 262 vol0 - 433696 10485760 8345 - user 67 vol0 - 2400928 10485760 50252 - user 117 vol0 - 221652 10485760 7367 - user 234 vol0 - 140892 10485760 3346 - user 72 vol0 - 2370408 10485760 50024 - user 600 vol0 - 304124 10485760 9215 - user 12 vol0 - 839460 10485760 18475 - user 190 vol0 - 751388 10485760 58637 - user 307 vol0 - 79960 10485760 293 - user 15 vol0 - 946444 10485760 23692 - user 52 vol0 - 207656 10485760 9463 - user 199 vol0 - 369300 10485760 14002 - user 157 vol0 - 238012 10485760 28579 - user 203 vol0 - 648132 10485760 16754 - user 226 vol0 - 313948 10485760 10915 - user 111 vol0 - 2826168 10485760 17220 - user 249 vol0 - 288 10485760 72 - user 1055 vol0 - 195672 10485760 11329 - user 3086 vol0 - 690072 10485760 23462 - user 802 vol0 - 357380 10485760 59881 - user 209 vol0 - 535048 10485760 39309 - user 243 vol0 - 588956 10485760 61911 - user 1969 vol0 - 36728 10485760 2138 - user 122 vol0 - 493532 10485760 7238 - user 294 vol0 - 40764 10485760 12926 - user 2677 vol0 - 1489192 10485760 18181 - user 1738 vol0 - 80328 10485760 2787 - user 269 vol0 - 1528692 10485760 24300 - user 113 vol0 - 3474744 10485760 49705 - user 989 vol0 - 10344 10485760 260 - user 2489 vol0 - 1968636 10485760 6580 - user 257 vol0 - 705276 10485760 10918 - user 266 vol0 - 1217824 10485760 12084 - user 64 vol0 - 265996 10485760 18045 - user 94 vol0 - 573772 10485760 8540 - user 22 vol0 - 137872 10485760 1342 - user 164 vol0 - 18536 10485760 692 - user 1167 vol0 - 30568 10485760 1856 - user 61 vol0 - 122744 10485760 4087 - user 206 vol0 - 167068 10485760 7097 - user 26 vol0 - 15044 10485760 3306 - user 1696 vol0 - 1144 10485760 39 - user 268 vol0 - 797028 10485760 12849 - user 2696 vol0 - 117320 10485760 95 - user 1070 vol0 - 48668 10485760 4303 - user 299 vol0 - 346168 10485760 8914 - user 2405 vol0 - 6464 10485760 1095 - user 314 vol0 - 377592 10485760 6650 - user 290 vol0 - 120204 10485760 4359 - user 286 vol0 - 80 10485760 1 - user 99 vol0 - 1518536 10485760 11331 - user 65534 vol0 - 330356 10485760 3158 - user 191 vol0 - 46736 10485760 5499 - user 273 vol0 - 9688772 10485760 14603 - user 151 vol0 - 8253884 10485760 40953 - user 75 vol0 - 505048 10485760 15153 - user 2675 vol0 - 3076 10485760 658 - user 134 vol0 - 160904 10485760 1341 - user 225 vol0 - 227560 10485760 5015 - user 79 vol0 - 32336 10485760 2128 - user 282 vol0 - 50536 10485760 4584 - user 261 vol0 - 1292 10485760 125 - user 2408 vol0 - 1028 10485760 5920 - user 123 vol0 - 112940 10485760 8806 - user 107 vol0 - 104544 10485760 1553 - user 1030 vol0 - 84828 10485760 2187 - user 4017 vol0 - 65548 10485760 323 - user 301 vol0 - 12980 10485760 1869 - user 2492 vol0 - 34052 10485760 2027 - user 320 vol0 - 242052 10485760 10825 - user 118 vol0 - 1784896 10485760 1585 - user 685 vol0 - 100656 10485760 25879 - user 1782 vol0 - 34988 10485760 499 - user 2700 vol0 - 262728 10485760 2720 - user 2680 vol0 - 10056 10485760 273 - user 695 vol0 - 2412 10485760 302 - user 324 vol0 - 279244 10485760 5368 - user 247 vol0 - 10384 10485760 1406 - user 106 vol0 - 177268 10485760 8161 - user 654 vol0 - 186008 10485760 224 - user 186 vol0 - 44748 10485760 1403 - user 166 vol0 - 1288 10485760 109 - user 1455 vol0 - 204356 10485760 1463 - user 194 vol0 - 127728 10485760 10907 - user 162 vol0 - 42536 10485760 2731 - user 1173 vol0 - 85488 10485760 9628 - user 328 vol0 - 81388 10485760 579 - user 2988 vol0 - 53732 10485760 213 - user 82 vol0 - 199836 10485760 930 - user 198 vol0 - 73672 10485760 4079 - user 4099 vol0 - 155916 10485760 673 - user 604 vol0 - 89132 10485760 2172 - user 23 vol0 - 343380 10485760 4064 - user 4016 vol0 - 4704 10485760 765 - user 221 vol0 - 472088 10485760 1818 - user 1 vol0 - 37280 10485760 437 - user 607 vol0 - 56908 10485760 845 - user 292 vol0 - 105100 10485760 3079 - user 181 vol0 - 41492 10485760 2537 - user 141 vol0 - 14544 10485760 473 - user 224 vol0 - 45848 10485760 1087 - user 612 vol0 - 34564 10485760 3737 - user 665 vol0 - 188484 10485760 72 - user 196 vol0 - 1796376 10485760 2375 - user 6 vol0 - 130244 10485760 3134 - user 152 vol0 - 20676 10485760 170 - user 289 vol0 - 47304 10485760 207 - user 102 vol0 - 4076 10485760 1733 - user 281 vol0 - 55316 10485760 515 - user 853 vol0 - 27760 10485760 1432 - user 49 vol0 - 20552 10485760 1079 - user 2493 vol0 - 62804 10485760 1777 - user 254 vol0 - 24208 10485760 1104 - user 2081 vol0 - 564 10485760 91 - user 1091 vol0 - 10404 10485760 263 - user 293 vol0 - 13816 10485760 178 - user 4045 vol0 - 138024 10485760 3832 - user 667 vol0 - 10688 10485760 315 - user 2331 vol0 - 171988 10485760 461 - user 80 vol0 - 29520 10485760 866 - user 29 vol0 - 17700 10485760 87 - user 251 vol0 - 116020 10485760 2532 - user 280 vol0 - 644 10485760 69 - user 274 vol0 - 8916 10485760 725 - user 116 vol0 - 126620 10485760 126 - user 1659 vol0 - 2736 10485760 238 - user 2693 vol0 - 35720 10485760 44 - user 1100 vol0 - 146332 10485760 16 - user 2549 vol0 - 0 10485760 1 - user 295 vol0 - 281300 10485760 186 - user 231 vol0 - 56 10485760 7 - user 639 vol0 - 4692 10485760 190 - user 65 vol0 - 86820 10485760 917 - user 615 vol0 - 1668 10485760 11 - user 1692 vol0 - 580 10485760 4 - user 112 vol0 - 109736 10485760 126 - user 1800 vol0 - 257788 10485760 89 - user 296 vol0 - 880 10485760 26 - user 2398 vol0 - 2160 10485760 26 - user 133 vol0 - 13644 10485760 467 - user 2461 vol0 - 11888 10485760 84 - user 2423 vol0 - 35540 10485760 329 - user 641 vol0 - 10688 10485760 625 - user 3000 vol0 - 25540 10485760 79 - user 1877 vol0 - 3720 10485760 58 - user 1407 vol0 - 2552 10485760 92 - user 2490 vol0 - 13988 10485760 498 - user 1672 vol0 - 64 10485760 15 - user 4005 vol0 - 8148 10485760 61 - user 229 vol0 - 4972 10485760 1099 - user 524 vol0 - 60 10485760 2 - user 621 vol0 - 27468 10485760 2134 - user 876 vol0 - 5728 10485760 103 - user 220 vol0 - 3388 10485760 452 - user 144 vol0 - 4860 10485760 345 - user 1418 vol0 - 1204 10485760 304 - user 1863 vol0 - 304 10485760 66 - user 275 vol0 - 2908 10485760 358 - user 2294 vol0 - 8 10485760 2 - user 838 vol0 - 28 10485760 5 - user 303 vol0 - 4 10485760 1 - user 2385 vol0 - 4 10485760 1 - user 1661 vol0 - 32 10485760 9 - user 287 vol0 - 180 10485760 22 - user 14957 vol0 - 4 10485760 1 - user 17359 vol0 - 16 10485760 1 - user 18915 vol0 - 16 10485760 1 - user 8206 vol0 - 20 10485760 1 - user 13848 vol0 - 8 10485760 1 - user 19706 vol0 - 8 10485760 1 - user 16564 vol0 - 16 10485760 1 - user 633 vol0 - 410328 10485760 190 - user 2100 vol0 - 24 10485760 4 - user 184 vol0 - 337980 10485760 41 - user 10000 vol0 - 272 10485760 27 - user 4092 vol0 - 0 10485760 1 - user 327 vol0 - 37216 10485760 281 - user 2 vol0 - 356 10485760 11 - user 242 vol0 - 17440 10485760 351 - user 90 vol0 - 216 10485760 12 - user 238 vol0 - 652 10485760 16 - user 758 vol0 - 2804 10485760 255 - user 2494 vol0 - 84 10485760 5 - user 635 vol0 - 5740 10485760 102 - user 1610 vol0 - 972 10485760 173 - user 101 vol0 - 136 10485760 8 - user 1161 vol0 - 372 10485760 30 - user 4018 vol0 - 152 10485760 68 - user 1378 vol0 - 152 10485760 42 - user 1477 vol0 - 0 10485760 1 - user 602 vol0 - 664 10485760 38 - user 2979 vol0 - 780 10485760 42 - user 4 vol0 - 4 10485760 34 - user 98 vol0 - 28852 10485760 42 - user 1759 vol0 - 6408 10485760 144 - user 12903 vol0 - 8 10485760 1 - user 4027 vol0 - 2004 10485760 11 - user 501 vol0 - 1524 10485760 212 - user 4038 vol0 - 0 10485760 1 - user 1736 vol0 - 4 10485760 1 - user 8822 vol0 - 160 10485760 10 - user 944 vol0 - 180 10485760 28 - user 264 vol0 - 16012 10485760 78 - user 223 vol0 - 220 10485760 32 - user 1000 vol0 - 764 10485760 154 - user 500 vol0 - 3096 10485760 236 - user 310 vol0 - 8 10485760 2 - user 74 vol0 - 12 10485760 2 - user 727 vol0 - 8 10485760 2 - user 12781 vol0 - 12 10485760 1 - user 78 vol0 - 2500 10485760 374 - user 208 vol0 - 12 10485760 7 - user 738 vol0 - 124 10485760 13 - user 852 vol0 - 464 10485760 91 - user 1401 vol0 - 676 10485760 113 - user 73 vol0 - 2100 10485760 33 - user 629 vol0 - 12 10485760 2 - user 609 vol0 - 2496 10485760 126 - user 148 vol0 - 38968 10485760 12 - user 1623 vol0 - 8 10485760 6 - user 951 vol0 - 988 10485760 70 - user 130 vol0 - 36 10485760 3 - user 4012 vol0 - 20192 10485760 203 - user 2744 vol0 - 32 10485760 8 - user 1655 vol0 - 36 10485760 3 - user 1693 vol0 - 40 10485760 10 - user 1622 vol0 - 176 10485760 43 - user 1735 vol0 - 196 10485760 13 - user 4026 vol0 - 146076 10485760 17 - user 713 vol0 - 16 10485760 4 - user 511 vol0 - 0 10485760 1 - user 3 vol0 - 8 10485760 6 - user 827 vol0 - 4 10485760 1 - user 1551 vol0 - 4 10485760 1 - user 58 vol0 - 12 10485760 4 - user 1092 vol0 - 0 10485760 1 - user 1180 vol0 - 4 10485760 1 - user 1521 vol0 - 4 10485760 1 - user 1896 vol0 - 40 10485760 5 - user 983 vol0 - 4 10485760 1 - user 2389 vol0 - 152 10485760 6 - user 311 vol0 - 608 10485760 33 - user 360 vol0 - 24 10485760 1 - user 2658 vol0 - 12 10485760 4 - user 89 vol0 - 52 10485760 11 - user 1001 vol0 - 56 10485760 13 - user 2684 vol0 - 7920 10485760 10 - user 8933 vol0 - 12 10485760 1 - user 613 vol0 - 19500 10485760 44 - user 2368 vol0 - 800 10485760 21 - user 390 vol0 - 40 10485760 12 - user 205 vol0 - 0 10485760 5 - user 60001 vol0 - 572 10485760 3 - user 2993 vol0 - 100 10485760 14 - user 4010 vol0 - 9220 10485760 22 - user 1446 vol0 - 108 10485760 30 - user 722 vol0 - 1432 10485760 90 - user 1826 vol0 - 2900 10485760 48 - user 1198 vol0 - 56 10485760 4 - user 1635 vol0 - 4 10485760 1 - user 43 vol0 - 12 10485760 3 - user 1140 vol0 - 696 10485760 13 - user 4009 vol0 - 712 10485760 79 - user 896 vol0 - 4 10485760 1 - user 284 vol0 - 1056 10485760 35 - user 902 vol0 - 0 10485760 1 - user 4008 vol0 - 1296 10485760 7 - user 2141 vol0 - 4 10485760 1 - user 4011 vol0 - 12 10485760 7 - user 121 vol0 - 0 10485760 1 - user 512 vol0 - 72 10485760 11 - user 1569 vol0 - 0 10485760 1 - user 1371 vol0 - 4 10485760 1 - user 1120 vol0 - 0 10485760 1 - user 1346 vol0 - 8 10485760 2 - user 844 vol0 - 0 10485760 1 - user 790 vol0 - 0 10485760 1 - user 1146 vol0 - 0 10485760 1 - user 4088 vol0 - 28 10485760 10 - user 200 vol0 - 5540 10485760 2 - user 700 vol0 - 8 10485760 4 - user 2122 vol0 - 0 10485760 1 - user 1721 vol0 - 12 10485760 3 - user 1950 vol0 - 4 10485760 1 - user 5173 vol0 - 12 10485760 1 - user 4933 vol0 - 16 10485760 1 - user 2554 vol0 - 128 10485760 7 - user 1604 vol0 - 4 10485760 1 - user 93 vol0 - 0 10485760 1 - user 666 vol0 - 12 10485760 4 - user 1963 vol0 - 288 10485760 1 - user 1450 vol0 - 4 10485760 1 - user 60 vol0 - 0 10485760 1 - user 187 vol0 - 40 10485760 2 - user 366 vol0 - 4 10485760 1 - user 924 vol0 - 164 10485760 31 - user 1730 vol0 - 4 10485760 1 - user 270 vol0 - 0 10485760 3 - user 2455 vol0 - 4 10485760 1 - user 9300 vol0 - 8 10485760 1 - user 1049 vol0 - 8 10485760 2 - user 1364 vol0 - 8 10485760 2 - user 650 vol0 - 0 10485760 1 - user 2692 vol0 - 572 10485760 2 - user 538 vol0 - 24 10485760 8 - user 9581 vol0 - 12 10485760 1 - user 2439 vol0 - 4 10485760 1 - user 129 vol0 - 4 10485760 1 - user 237 vol0 - 8 10485760 2 - user 1052 vol0 - 4 10485760 1 - user 1076 vol0 - 20 10485760 1 - user 2018 vol0 - 0 10485760 2 - user 1680 vol0 - 4 10485760 1 - user 1519 vol0 - 12 10485760 3 - user 2999 vol0 - 0 10485760 1 - user 502 vol0 - 184 10485760 25 - user 787 vol0 - 40 10485760 5 - user 765 vol0 - 4 10485760 1 - user 165 vol0 - 16 10485760 4 - user 291 vol0 - 8 10485760 4 - user 2442 vol0 - 0 10485760 1 - user 1875 vol0 - 8 10485760 1 - user 4028 vol0 - 500 10485760 9 - user 693 vol0 - 576 10485760 15 - user 95 vol0 - 0 10485760 1 - user 1433 vol0 - 4 10485760 1 - user 916 vol0 - 32 10485760 1 - user 970 vol0 - 16 10485760 2 - user 507 vol0 - 72 10485760 10 - user 1973 vol0 - 8 10485760 1 - user 3423 vol0 - 8 10485760 1 - user 219 vol0 - 132 10485760 2 - user 4025 vol0 - 0 10485760 1 - user 4024 vol0 - 16 10485760 1 - user 87 vol0 - 4 10485760 1 - user 1839 vol0 - 0 10485760 0 - ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jdavis at CS.ARIZONA.EDU Tue Mar 1 21:47:39 2005 From: jdavis at CS.ARIZONA.EDU (Jim Davis) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, now that I've turned off the random attachment generator... let's try that again: ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] Script started on Tue Mar 1 14:34:45 2005 bash-2.05b$ uname -a FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: Mon Jun 14 13:29:05 MST 2004 root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 bash-2.05b$ grep bitdefender virus.scanners.conf virus.scanners.conf.sample virus.scanners.conf:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc virus.scanners.conf.sample:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc /t // // BDC scan report // // Time: Tue Mar 1 14:36:00 2005 // Command line: --log=/tmp/log.bdc.80779 /tmp // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 // Total signatures: 101521 // /tmp/mkcf ok [...] Results: Folders :49 Files :2446 Packed :25 Infected files :0 Suspect files :0 Warnings :0 I/O errors :54 Files/second :135 Scan time :00:00:18 bash-2.05b$ exit Script done on Tue Mar 1 14:36:38 2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 22:30:05 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, changed virus.scanners.conf to this and it works now . Now i having iussue sgetting it going on RHEL4 :( cheers. Jim Davis wrote: > Ok, now that I've turned off the random attachment generator... let's > try that again: > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > Script started on Tue Mar 1 14:34:45 2005 > bash-2.05b$ uname -a > FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: Mon Jun 14 13:29:05 MST 2004 root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 > bash-2.05b$ grep bitdefender virus.scanners.conf virus.scanners.conf.sample > virus.scanners.conf:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc > virus.scanners.conf.sample:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc /t > // > // BDC scan report > // > // Time: Tue Mar 1 14:36:00 2005 > // Command line: --log=/tmp/log.bdc.80779 /tmp > // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) > // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 > // Total signatures: 101521 > // > > /tmp/mkcf ok > [...] > > Results: > Folders :49 > Files :2446 > Packed :25 > Infected files :0 > Suspect files :0 > Warnings :0 > I/O errors :54 > Files/second :135 > Scan time :00:00:18 > > > bash-2.05b$ exit > > Script done on Tue Mar 1 14:36:38 2005 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Tue Mar 1 23:33:56 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:46 2006 Subject: RBLs (I Need help! :P ) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First off I need to thank Julian because w/o MailScanner i'd still be in crap loads of spam. But off that subject. The RBLS in the config file. I dont quite get it? I mean I know what they do I think?, But what is the SPAM LIST = (blahblah) and SPAM DOMAIN LIST = It says see the "Spam List Definitions" but that doesnt explain very well what can go there or what should go. And I do have the BOOK btw. maybe I missed it? I did SEE it but it said once again see the Spam List Definitions.. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Mar 1 23:48:14 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:46 2006 Subject: RBLs (I Need help! :P ) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christopher J Ford wrote: > But off that subject. The RBLS in the config file. I dont quite get it? > I mean I know what they do I think?, But what is the SPAM LIST = > (blahblah) and SPAM DOMAIN LIST = > > It says see the "Spam List Definitions" but that doesnt explain very > well what can go there > or what should go. And I do have the BOOK btw. maybe I missed it? I did > SEE it but it said once again see the Spam List Definitions.. The "Spam List" contains the short names for the lists defined in spam.lists.conf, see left column in that file. The difference between spam lists and spam domain lists are that the latter works with domain names, not ip addresses of the mail servers. If you use SpamAssassin I would recommend you to not use spam lists at all from MS. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Wed Mar 2 02:48:50 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:28:46 2006 Subject: prob after upgrading MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I just upgrade MailScanner to 4-39.5-1 and when i start MAilScanner, it complains about HTML/TokeParser.pm, is this a sign of bad perl compiler? (ie two instances), i just get rid of the perl binary 5.8.5 and replaces with the old perl 5.8.0, but still i have the same problem. i install HTML::TokeParser from cpan and i have this failed tests t/entities.t t/headparser.t t/uentities.t anyone have an idea on how to work with kind of prob? Thanks in advance Nats ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 03:53:57 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD - solved FSBD and RHEL4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Change to the latest scriptes (mine were 4.29 verisons) and BDC will work as it should in freebsd. RHEL4 requires compat-libstdc++3.3 tpo be installed. Available from the RHELAS4 channel on the rhn. hope this is usefull to some one else :) Pete Peter Russell wrote: > Thanks, changed virus.scanners.conf to this and it works now . > > Now i having iussue sgetting it going on RHEL4 :( > > cheers. > > Jim Davis wrote: > >> Ok, now that I've turned off the random attachment generator... let's >> try that again: >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> >> Script started on Tue Mar 1 14:34:45 2005 >> bash-2.05b$ uname -a >> FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: >> Mon Jun 14 13:29:05 MST 2004 >> root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 >> bash-2.05b$ grep bitdefender virus.scanners.conf >> virus.scanners.conf.sample >> virus.scanners.conf:bitdefender >> /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc >> virus.scanners.conf.sample:bitdefender >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper >> /usr/local/bdc /t >> // >> // BDC scan report >> // >> // Time: Tue Mar 1 14:36:00 2005 >> // Command line: --log=/tmp/log.bdc.80779 /tmp >> // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) >> // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 >> // Total signatures: 101521 >> // >> >> /tmp/mkcf ok >> [...] >> >> Results: >> Folders :49 >> Files :2446 >> Packed :25 >> Infected files :0 >> Suspect files :0 >> Warnings :0 >> I/O errors :54 >> Files/second :135 >> Scan time :00:00:18 >> >> >> bash-2.05b$ exit >> >> Script done on Tue Mar 1 14:36:38 2005 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 04:02:58 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IN the past i remember some one haviong a cool script/command that would show you stats on infections? I ahve a mailscanner machine on a PC that is suffering badly with heaps of viruses and i would love to know how to find out how many or what type of infections etc? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at ocs.com Wed Mar 2 04:20:17 2005 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > IN the past i remember some one haviong a cool script/command that would > show you stats on infections? > > I ahve a mailscanner machine on a PC that is suffering badly with heaps > of viruses and i would love to know how to find out how many or what > type of infections etc? Are you thinking of the "vnames.pl" script which produces a bullet-list of viruses caught and a tally for each infection? http://web.csma.biz/apps/vnames.shtml HTH, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 08:23:56 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:46 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS again. This last happened with 4.35.11-1 back in December. It was fixed by updating to the latest RedHat AS/ES 3 kernel. I have not updated the kernel since I installed 4.38.9-1 which worked OK. I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. Locking has been defaulting to "flock". Changing it to "posix" does not stop the re-scanning of the same messages. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 08:43:07 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] thanks - thats good, pity it emails instead of out to the screen. Anyone have any idea what the settings are for bitdefender? Pete James Gray wrote: > On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > >>IN the past i remember some one haviong a cool script/command that would >>show you stats on infections? >> >>I ahve a mailscanner machine on a PC that is suffering badly with heaps >>of viruses and i would love to know how to find out how many or what >>type of infections etc? > > > Are you thinking of the "vnames.pl" script which produces a bullet-list of > viruses caught and a tally for each infection? > > http://web.csma.biz/apps/vnames.shtml > > HTH, > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 10:13:56 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: In addition to the locking problem I reported with 4.39.5 I also note that the MailScanner processes are becoming "defunct". There is no indication of a problem in the MailScanner log. However the "messages" file is repeatedly logging: Mar 2 10:06:49 cheviot7 root: Process did not exit cleanly, returned 25 with signal 0 Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 02 March 2005 08:24 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: 4.39.5-1 - is sendmail locking broken again? > >With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS >again. This last happened with 4.35.11-1 back in December. It was fixed >by updating to the latest RedHat AS/ES 3 kernel. > >I have not updated the kernel since I installed 4.38.9-1 which worked >OK. > >I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. > >Locking has been defaulting to "flock". Changing it to "posix" does not >stop the re-scanning of the same messages. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:08:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Switch into Debug mode and see what it says. Quentin Campbell wrote: >In addition to the locking problem I reported with 4.39.5 I also note >that the MailScanner processes are becoming "defunct". There is no >indication of a problem in the MailScanner log. > >However the "messages" file is repeatedly logging: > >Mar 2 10:06:49 cheviot7 root: Process did not exit cleanly, returned 25 >with signal 0 > > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>Sent: 02 March 2005 08:24 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: 4.39.5-1 - is sendmail locking broken again? >> >>With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS >>again. This last happened with 4.35.11-1 back in December. It was fixed >>by updating to the latest RedHat AS/ES 3 kernel. >> >>I have not updated the kernel since I installed 4.38.9-1 which worked >>OK. >> >>I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. >> >>Locking has been defaulting to "flock". Changing it to "posix" does not >>stop the re-scanning of the same messages. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>"Any opinion expressed above is mine. The University can get its own." >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 11:19:03 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: J >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 11:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Switch into Debug mode and see what it says. > [snip] Julian You won't believe this but I am seeing the same problem that you fixed yesterday and incorporated into 4.39.5! I have checked Message.pm to make sure the fix is there. I am debugging MailScanner with just one job in the queue. It is not the same one (with the broken zip file) that I tested 4.39.5 with late yesterday before putting it into production. I am seeing in Debug mode: [root@cheviot7 mqueue.in]# check_mailscanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock Can't call method "print" on an undefined value at /usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. [root@cheviot7 mqueue.in]# Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Wed Mar 2 11:15:13 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi guys, has any one bought the MailScanner in US, how many days it takes to ship over there. I am pretty confused whether I should ask for shipment in India or in US. Can anybody give me an approximate time frame. I need it shipped in 3 weeks, will I get the delivery in US in that duration. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== It doesn't matter who you are, it's what you do that takes you far ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:33:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In which case please send me the message, together with a list of exactly what configuration changes you have made from the default installation. Quentin Campbell wrote: >J > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:08 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Switch into Debug mode and see what it says. >> >> >> >[snip] > >Julian > >You won't believe this but I am seeing the same problem that you fixed >yesterday and incorporated into 4.39.5! I have checked Message.pm to >make sure the fix is there. > >I am debugging MailScanner with just one job in the queue. It is not the >same one (with the broken zip file) that I tested 4.39.5 with late >yesterday before putting it into production. > >I am seeing in Debug mode: > >[root@cheviot7 mqueue.in]# check_mailscanner >Starting MailScanner... >In Debugging mode, not forking... >SA bayes lock is /root/.spamassassin/bayes.lock >Bayes lock is at /root/.spamassassin/bayes.lock >Can't call method "print" on an undefined value at >/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. >[root@cheviot7 mqueue.in]# > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 11:31:46 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant .org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As far as I can check (see /usr/share/spamassassin/20_dnsbl_tests.cf and /usr/share/spamassassin/50_scores.cf) this has already been disabled in SA 3.01 and up. Adri. > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 01 March, 2005 18:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Maybe OT: lame server resolving > 'x.x.x.x.ipwhois.rfc-ignorant.org' > > > Michele Neylon :: Blacknight Solutions wrote: > > >>>>RCVD_IN_RFCI 0.0 > >>>> > >>>> > >>>> > >>>You need to define it first or it will break :) > >>> > >>> > >>> > >>What do you mean define it first? > >> > >> > >> > >If you want to refer to a DNS check in > spam.assassin.prefs.conf it needs to > >be defined in spam.lists.conf otherwise linting the rules > will fail :) > > > > > No it doesn't. The DNS checks done by SpamAssassin are totally > independent of spam.lists.conf. In SpamAssassin 3 this rule has been > renamed and you now need > > # JKF 01/03/2005 - rfcignorant list is dead > score RCVD_IN_RFC_IPWHOIS 0 > > in spam.assassin.prefs.conf. > > You will need to restart MailScanner after making this change. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:32:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you mean the book? It should take about 5 days in the US (theoretically) and 2 to 3 weeks worldwide. P.S. Like your sig, it's more true than most people realise :-) Rakesh wrote: > Hi guys, > > has any one bought the MailScanner in US, how many days it takes to ship > over there. I am pretty confused whether I should ask for shipment in > India or in US. Can anybody give me an approximate time frame. I need it > shipped in 3 weeks, will I get the delivery in US in that duration. > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > It doesn't matter who you are, it's what you do that takes you far > ======================================================================== -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:38:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please apply these 2 patches: -----SNIP----- --- Message.pm.old 2005-03-01 09:01:52.000000000 +0000 +++ Message.pm 2005-03-02 11:36:01.000000000 +0000 @@ -840,6 +840,8 @@ 'X-Mailer' => undef, Data => \@original)); + # Prune all the dead branches off the tree + PruneEntityTree($bounce); # Stringify the message and send it -- this could be VERY large! my $bouncetext = $bounce->stringify; #print STDERR "Spam bounce message is this:\n$bouncetext"; -----SNIP----- -----SNIP----- --- MCPMessage.pm.old 2005-01-27 11:39:46.000000000 +0000 +++ MCPMessage.pm 2005-03-02 11:36:24.000000000 +0000 @@ -545,6 +545,8 @@ Data => \@original)); # Stringify the message and send it -- this could be VERY large! + # Prune all the dead branches off the tree + PruneEntityTree($bounce); my $bouncetext = $bounce->stringify; #print STDERR "Spam bounce message is this:\n$bouncetext"; if ($bouncetext) { -----SNIP----- Let me know if these help. Quentin Campbell wrote: >J > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:08 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Switch into Debug mode and see what it says. >> >> >> >[snip] > >Julian > >You won't believe this but I am seeing the same problem that you fixed >yesterday and incorporated into 4.39.5! I have checked Message.pm to >make sure the fix is there. > >I am debugging MailScanner with just one job in the queue. It is not the >same one (with the broken zip file) that I tested 4.39.5 with late >yesterday before putting it into production. > >I am seeing in Debug mode: > >[root@cheviot7 mqueue.in]# check_mailscanner >Starting MailScanner... >In Debugging mode, not forking... >SA bayes lock is /root/.spamassassin/bayes.lock >Bayes lock is at /root/.spamassassin/bayes.lock >Can't call method "print" on an undefined value at >/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. >[root@cheviot7 mqueue.in]# > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 11:33:11 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I received it in Brazil in less than 3 weeks... I imagine in US the deliver is much faster than that... ----- Original Message ----- From: "Rakesh" To: Sent: Wednesday, March 02, 2005 8:15 AM Subject: shipment time for the MailScanner book > Hi guys, > > has any one bought the MailScanner in US, how many days it takes to ship > over there. I am pretty confused whether I should ask for shipment in > India or in US. Can anybody give me an approximate time frame. I need it > shipped in 3 weeks, will I get the delivery in US in that duration. > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > It doesn't matter who you are, it's what you do that takes you far > ======================================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:06:44 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 11:33 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >In which case please send me the message, together with a list of >exactly what configuration changes you have made from the default >installation. > [snip] Julian The same configuration change as before is causing the problem. It is the default "deliver attachment" action in %rules-dir%/Spam_Actions.rules. If I just make that action "deliver" then 4.39.5 works OK. The message's qf/df files that will repeat the problem can be found at ftp://unix.ncl.ac.uk/pub/users/nqgc. They are the ones with QID j21Kcajg023214. This message is both spam and carries a virus so in that regard it is similar to the previous message that caused problems with 4.39.4. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 12:12:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:33 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>In which case please send me the message, together with a list of >>exactly what configuration changes you have made from the default >>installation. >> >> >> >[snip] > >Julian > >The same configuration change as before is causing the problem. It is >the default "deliver attachment" action in >%rules-dir%/Spam_Actions.rules. > >If I just make that action "deliver" then 4.39.5 works OK. > >The message's qf/df files that will repeat the problem can be found at >ftp://unix.ncl.ac.uk/pub/users/nqgc. They are the ones with QID >j21Kcajg023214. > >This message is both spam and carries a virus so in that regard it is >similar to the previous message that caused problems with 4.39.4. > > Did my patches help? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:15:04 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [snip] >Did my patches help? Julian Am about to try them. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 12:24:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh, and with "deliver attachment" I can't reproduce the problem :-( Quentin Campbell wrote: >[snip] > > >>Did my patches help? >> >> > >Julian > >Am about to try them. > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:42:49 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 12:24 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Oh, and with "deliver attachment" I can't reproduce the problem :-( > [snip] Julian The patches to Message.pm and MCPMessage.pm make no difference. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 13:23:56 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Martin Hepworth > Sent: Tuesday, March 01, 2005 4:12 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > It's important to note that ClamAV only supports RAR v2, so the answer is: Uncomment the ScanRar line in the config file but pass the --unrar[=FULLPATH] option (and of course have the latest unrar) if you really want to handle rar files because v2 is quite old and not likely to be used much anymore. If you are using clamavmodule then you cannot use the external unrar (which is why I patch my MS versions with specific unrar code/function every release). Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 13:28:59 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick, Have you send you patches of to Julian?? There might be more people interested to have unrar functionality in MailScanner. Adri. > -----Original Message----- > From: Rick Cooper [mailto:rcooper@DWFORD.COM] > Sent: 02 March, 2005 14:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Martin Hepworth > > Sent: Tuesday, March 01, 2005 4:12 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Beta release 4.39.4 > > > > > > Does it do rar extraction by default???? Looking at the docs I'm not > > sure it does. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > It's important to note that ClamAV only supports RAR v2, so > the answer is: > > Uncomment the ScanRar line in the config file > > but pass the --unrar[=FULLPATH] option (and of course have > the latest unrar) > if you really want to handle rar files because v2 is quite old and not > likely to be used much anymore. If you are using clamavmodule then you > cannot use the external unrar (which is why I patch my MS > versions with > specific unrar code/function every release). > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 14:02:53 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Adri Koppes > Sent: Wednesday, March 02, 2005 8:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Rick, > > Have you send you patches of to Julian?? > There might be more people interested to have unrar functionality in > MailScanner. > > Adri. > Yes, I sent several last year (you will see part of the Unrar code commented out in Message.pm) and he used a few but did not use (I sent five or six): Logging the actual recipient(s) in the log (standard does host only), as well as the subject in a fairly easy to parse format, all the new stuff is placed at the end of the standard log line. UnpackRar code that function does the same as the UnPackZip function does. Is used if unrar is somewhere on your path, skipped if it is not. This also allows the filename/type checks to work the same as with zip files Code to handle archives with duplicate file names as the archive (nested also). I am not sure if Julian ever worked this out himself or not, I never saw mention of it again after I pointed out the MS would skip this condition. For instance if an attachment File.Zip contains a file named File.Zip MS will skip it and not unpack it (because it thinks it already did). My work around is not elegant (I prepend a time stamp to the file name). The problem with this approach is it would break some file name checks, if they are very specific, but it gets the file checked at least. I also wrote a patch that allows you to have different file name/type rules/rulesets for files contained within archives as opposed to just disabling unpacking and checking archives if you need to pass certain files in archives that you do not pass raw. I can understand why he skipped the logging thing, it changes the entire format of the spam logging line, but with that information I can send myself reports of what was tagged as spam that include the sender, recipients, scoring information and subject, and ninety out of a hundred times I don't have to bother looking at the message to determine if it truly is spam or not. I also know he is not in favor of having two sets of file name/type rules, one for raw and one for archives, because he fears it would be to complicated for some admins... So I understand that one. I can understand the code to handle file names that are duplicated within an archive (the file name/type checks) but it seems a big hole in security to me. I never heard why he didn't use the Unpack Rar code, and I never understood why it wasn't used. So I just make new patches every time a new release comes out, I apply them and propagate the patched version to all my mail servers. Kind of sucks when there are a lot of major changes though. I wish they were all in there so I didn't have to mess with it, but I think Julian has pretty good vision so I am sure there is a good reason why they didn't "make the cut", perhaps they are just to specific to my needs/wants Rick > > -----Original Message----- > > From: Rick Cooper [mailto:rcooper@DWFORD.COM] > > Sent: 02 March, 2005 14:24 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Beta release 4.39.4 > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Martin Hepworth > > > Sent: Tuesday, March 01, 2005 4:12 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Beta release 4.39.4 > > > > > > > > > Does it do rar extraction by default???? Looking at the docs I'm not > > > sure it does. > > > > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > It's important to note that ClamAV only supports RAR v2, so > > the answer is: > > > > Uncomment the ScanRar line in the config file > > > > but pass the --unrar[=FULLPATH] option (and of course have > > the latest unrar) > > if you really want to handle rar files because v2 is quite old and not > > likely to be used much anymore. If you are using clamavmodule then you > > cannot use the external unrar (which is why I patch my MS > > versions with > > specific unrar code/function every release). > > > > Rick > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:14:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found and fixed. My recursion code was utter rubbish :-) Please apply the attached patch to Message.pm. Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 12:24 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Oh, and with "deliver attachment" I can't reproduce the problem :-( >> >> >> >[snip] > >Julian > >The patches to Message.pm and MCPMessage.pm make no difference. > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.5KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:18:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I always try to at least reply, but good ideas do get lost sometimes. The unrar code would require another timeout wrapper round it, which I would have to copy from elsewhere, so it isn't trivial. I can't remember if I came up with a solution to the duplicated filenames problem or not, it was quite a long time ago. Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Adri Koppes >>Sent: Wednesday, March 02, 2005 8:29 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Beta release 4.39.4 >> >> >>Rick, >> >>Have you send you patches of to Julian?? >>There might be more people interested to have unrar functionality in >>MailScanner. >> >>Adri. >> >> >> > >Yes, I sent several last year (you will see part of the Unrar code commented >out in Message.pm) and he used a few but did not use (I sent five or six): > > Logging the actual recipient(s) in the log (standard does host only), as >well as the subject in a fairly easy > to parse format, all the new stuff is placed at the end of the standard log >line. > > UnpackRar code that function does the same as the UnPackZip function does. >Is used if unrar is > somewhere on your path, skipped if it is not. This also allows the >filename/type checks to work > the same as with zip files > > Code to handle archives with duplicate file names as the archive (nested >also). I am not sure if Julian > ever worked this out himself or not, I never saw mention of it again after >I pointed out the MS would > skip this condition. For instance if an attachment File.Zip contains a file >named File.Zip MS will skip > it and not unpack it (because it thinks it already did). My work around is >not elegant > (I prepend a time stamp to the file name). The problem with this approach >is it would break some file > name checks, if they are very specific, but it gets the file checked at >least. > >I also wrote a patch that allows you to have different file name/type >rules/rulesets for files contained within archives as opposed to just >disabling unpacking and checking archives if you need to pass certain files >in archives that you do not pass raw. > >I can understand why he skipped the logging thing, it changes the entire >format of the spam logging line, but with that information I can send myself >reports of what was tagged as spam that include the sender, recipients, >scoring information and subject, and ninety out of a hundred times I don't >have to bother looking at the message to determine if it truly is spam or >not. > >I also know he is not in favor of having two sets of file name/type rules, >one for raw and one for archives, because he fears it would be to >complicated for some admins... So I understand that one. > >I can understand the code to handle file names that are duplicated within an >archive (the file name/type checks) but it seems a big hole in security to >me. > >I never heard why he didn't use the Unpack Rar code, and I never understood >why it wasn't used. > >So I just make new patches every time a new release comes out, I apply them >and propagate the patched version to all my mail servers. Kind of sucks when >there are a lot of major changes though. I wish they were all in there so I >didn't have to mess with it, but I think Julian has pretty good vision so I >am sure there is a good reason why they didn't "make the cut", perhaps they >are just to specific to my needs/wants > >Rick > > > >>>-----Original Message----- >>>From: Rick Cooper [mailto:rcooper@DWFORD.COM] >>>Sent: 02 March, 2005 14:24 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Beta release 4.39.4 >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>Behalf Of Martin Hepworth >>>>Sent: Tuesday, March 01, 2005 4:12 AM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Beta release 4.39.4 >>>> >>>> >>>>Does it do rar extraction by default???? Looking at the docs I'm not >>>>sure it does. >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>It's important to note that ClamAV only supports RAR v2, so >>>the answer is: >>> >>> Uncomment the ScanRar line in the config file >>> >>>but pass the --unrar[=FULLPATH] option (and of course have >>>the latest unrar) >>>if you really want to handle rar files because v2 is quite old and not >>>likely to be used much anymore. If you are using clamavmodule then you >>>cannot use the external unrar (which is why I patch my MS >>>versions with >>>specific unrar code/function every release). >>> >>>Rick >>> >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 14:23:42 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Seems a dumb question, but how do I make a rule to deny files with the names: price8.zip price2.zip price.zip price*\.zip$ is not working. What is the correct sintax? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 14:25:04 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, If you have time, it would be nice to integrate the UnpackRar functions. I get quite a few rar files as attachments and can't automatically scan them for executable content, bad file types etc. My current solution is far from elegant. I just block the .rar extension. I never found out why it wouldn't block on filetype, eventhough I have added the type to filetype.rules.conf as: deny RAR No RAR Archives No RAR Archives allowed The blocked messages+attachtments are then quarantined and I can manually check before relasing them to the user, if he requests them. Best regards, Adri. > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 02 March, 2005 15:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > I always try to at least reply, but good ideas do get lost sometimes. > The unrar code would require another timeout wrapper round it, which I > would have to copy from elsewhere, so it isn't trivial. > I can't remember if I came up with a solution to the duplicated > filenames problem or not, it was quite a long time ago. > > Rick Cooper wrote: > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Adri Koppes > >>Sent: Wednesday, March 02, 2005 8:29 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Beta release 4.39.4 > >> > >> > >>Rick, > >> > >>Have you send you patches of to Julian?? > >>There might be more people interested to have unrar functionality in > >>MailScanner. > >> > >>Adri. > >> > >> > >> > > > >Yes, I sent several last year (you will see part of the > Unrar code commented > >out in Message.pm) and he used a few but did not use (I sent > five or six): > > > > Logging the actual recipient(s) in the log (standard > does host only), as > >well as the subject in a fairly easy > > to parse format, all the new stuff is placed at the > end of the standard log > >line. > > > > UnpackRar code that function does the same as the > UnPackZip function does. > >Is used if unrar is > > somewhere on your path, skipped if it is not. This > also allows the > >filename/type checks to work > > the same as with zip files > > > > Code to handle archives with duplicate file names as > the archive (nested > >also). I am not sure if Julian > > ever worked this out himself or not, I never saw > mention of it again after > >I pointed out the MS would > > skip this condition. For instance if an attachment > File.Zip contains a file > >named File.Zip MS will skip > > it and not unpack it (because it thinks it already > did). My work around is > >not elegant > > (I prepend a time stamp to the file name). The > problem with this approach > >is it would break some file > > name checks, if they are very specific, but it gets > the file checked at > >least. > > > >I also wrote a patch that allows you to have different file name/type > >rules/rulesets for files contained within archives as opposed to just > >disabling unpacking and checking archives if you need to > pass certain files > >in archives that you do not pass raw. > > > >I can understand why he skipped the logging thing, it > changes the entire > >format of the spam logging line, but with that information I > can send myself > >reports of what was tagged as spam that include the sender, > recipients, > >scoring information and subject, and ninety out of a hundred > times I don't > >have to bother looking at the message to determine if it > truly is spam or > >not. > > > >I also know he is not in favor of having two sets of file > name/type rules, > >one for raw and one for archives, because he fears it would be to > >complicated for some admins... So I understand that one. > > > >I can understand the code to handle file names that are > duplicated within an > >archive (the file name/type checks) but it seems a big hole > in security to > >me. > > > >I never heard why he didn't use the Unpack Rar code, and I > never understood > >why it wasn't used. > > > >So I just make new patches every time a new release comes > out, I apply them > >and propagate the patched version to all my mail servers. > Kind of sucks when > >there are a lot of major changes though. I wish they were > all in there so I > >didn't have to mess with it, but I think Julian has pretty > good vision so I > >am sure there is a good reason why they didn't "make the > cut", perhaps they > >are just to specific to my needs/wants > > > >Rick > > > > > > > >>>-----Original Message----- > >>>From: Rick Cooper [mailto:rcooper@DWFORD.COM] > >>>Sent: 02 March, 2005 14:24 > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: Beta release 4.39.4 > >>> > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>>>Behalf Of Martin Hepworth > >>>>Sent: Tuesday, March 01, 2005 4:12 AM > >>>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>>Subject: Re: Beta release 4.39.4 > >>>> > >>>> > >>>>Does it do rar extraction by default???? Looking at the > docs I'm not > >>>>sure it does. > >>>> > >>>> > >>>>-- > >>>>Martin Hepworth > >>>>Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>> > >>>It's important to note that ClamAV only supports RAR v2, so > >>>the answer is: > >>> > >>> Uncomment the ScanRar line in the config file > >>> > >>>but pass the --unrar[=FULLPATH] option (and of course have > >>>the latest unrar) > >>>if you really want to handle rar files because v2 is quite > old and not > >>>likely to be used much anymore. If you are using > clamavmodule then you > >>>cannot use the external unrar (which is why I patch my MS > >>>versions with > >>>specific unrar code/function every release). > >>> > >>>Rick > >>> > >>> > >>>-- > >>>This message has been scanned for viruses and > >>>dangerous content by MailScanner, and is > >>>believed to be clean. > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >> > >> > >> > >> > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:29:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We are pleased to announce SMGateway, the first Secure Mail Gateway product from Fortress Systems Ltd. SMGateway is based on MailScanner, the world's most widely used e-mail gateway application. SMGateway employs MailScanner in conjunction with SpamAssassin, ClamAV and your choice of additional commercial virus scanners to provide the most effective, easy to use, anti-spam and anti-virus solution available. Fortress SMGateway has all of the functionality provided by MailScanner and SpamAssassin plus extensions and enhancements to provide a simple web based interface for users and administrators. These added features allow administrators to more easily install, control and configure e-mail gateway operations while allowing users and administrators to set their own spam preferences. SMGateway provides a web based administrative interface which allows administrators to easily: . Configure MailScanner including rule sets . Configure e-mail forwarding to any type of Mailhub . Setup multiple domains forwarding to different mailhubs . Roll-back to previous configurations . Easily backup configurations . Validate user on mailhub before acceptance of e-mail on gateway . Configure allowed file names and file types for attachments The Web based interface also allows the site administrator, domain administrators and individual users to easily set their own spam preferences, and administer white and black lists. Authentication to the web interface is provided for three levels of users: . Site administrators are allowed to set and change any configuration data for the entire site. . Domain administrators are allowed to set and change spam preferences, white and black lists for their specific domains. . Users are able to set their own spam preferences, white and black lists. The user's logon to the user web interface for setting individual or site preferences is automatically authenticated against their Microsoft Active Directory or any POP or IMAP mailhub. There is no need to setup or administer user accounts or logins on the gateway. SMGateway includes MailWatch for MailScanner, a real-time console for MailScanner. MailWatch provides a web based interface for: . Individual Message tracking . Release of messages from quarantine . Feeding ham (not-spam) and spam to the Bayesian filter . E-mail and Spam reporting and statistics . Real time message queuing statistics. SMGateway automatically installs and configures additional applications to help identify spam and viruses: . ClamAV is a highly regarded Open Source Virus Scanner . DCC (Distributed Checksum Clearinghouse) is a System of clients and servers that collect and count checksums of e-mail messages in order to detect spam . Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages . Razor2 is a distributed, collaborative, spam detection and filtering Network SMGateway supports the simultaneous use of multiple virus scanners including: . AntiVir . AVG . BitDefender . ClamAV . Command . CSS . DrWeb . eTrust . F-Prot . F-Secure . Inoculan . Inoculate . Kaspersky . McAfee . Nod32 . Norman . Panda . Sophos . SYMSymscan . Trend . Vexira SMGateway is currently supported only on a clean minimal installation of Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be available shortly. The installation of MailScanner and all related applications takes approximately 5 minutes. Configuration for most common setups should take less than one hour. Known Limitations in this version include: . Web configuration of per domain and per user allowed filenames and filetypes is not possible from the GUI. . Release from quarantine using the MailWatch interface is only allowed for the site administrator. Pricing and Support SMGateway is available for download from our web site at no charge. Fortress systems does provide and charge for support and updates. To maintain a reliable business e-mail system, we strongly advise you purchase SMGateway in conjunction with a support package: Package 1: Web support; 12 hour response SLA and 1 year of updates US $849.00 Package 2: 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates US $1,648.00 Package 3: 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates US $2,547.00 Rapid and high quality support is vital in any modern business system. We provide a range of support packages at standard prices. Please do not hesitate to contact us if you require a support contract that is not listed here. To ensure we can give all customers who purchase support a very high quality of service, we are restricting the number of support packages that we sell. Support packages will be sold starting next Monday, March 7, on a "first come, first served" basis, and we will limit sales to avoid compromising our ability to provide high quality services. Please visit our web site for additional information on SMGateway: http://www.fsl.com/products/SMGateway_release.html To download please visit: http://www.fsl.com/company/register.php For detailed information on features and operations, please download the manual: http://www.fsl.com/support/Fortress-SMGateway-manual.pdf For information on a soon to be released appliance that utilizes a custom version of SMGateway, please visit: http://www.optimati.com We hope you will find our efforts to be of value to you and your organization. -- Julian Field and Stephen Swaney Chief Technology Officer and Chief Operating Officer Fortress Systems Ltd www.FSL.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:31:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] price[28]?\.zip$ Roger Jochem wrote: > Seems a dumb question, but how do I make a rule to deny files with the > names: > > price8.zip > price2.zip > price.zip > > price*\.zip$ is not working. What is the correct sintax? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 14:34:26 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, March 02, 2005 11:31 AM Subject: Re: Deny > price[28]?\.zip$ > > Roger Jochem wrote: > > Seems a dumb question, but how do I make a rule to deny files with the > > names: > > > > price8.zip > > price2.zip > > price.zip > > > > price*\.zip$ is not working. What is the correct sintax? > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Wed Mar 2 14:37:24 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:47 2006 Subject: Is it time to upgrade? Message-ID: I am running MailScanner version 4.36.4. What are the major benfits from updating to the lastest version 4.39.5? Thanks -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:45:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Is it time to upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read the Change Log at www.sng.ecs.soton.ac.uk/mailscanner/ChangeLog and see if any of it sounds useful to you. David Ballengee wrote: > I am running MailScanner version 4.36.4. > > What are the major benfits from updating to the lastest version 4.39.5? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at MINTRA.COM Wed Mar 2 14:47:10 2005 From: john at MINTRA.COM (John Adams) Date: Thu Jan 12 21:28:47 2006 Subject: Mail vanishes after hitting first MTA Message-ID: Thankyou for your response We have been missleading in our original post. We thought that the mails were not entering the mailscanner system as they were not showing in the mailwatch interface, on a search for recipient. However hey do actually appear if we search for sender. So if the mailscanner has successfully processed the mail and said it is clean. Indeed it does appear to be an MTA issue. We have looked at this and it seems that sendmail is set by default to. block unresolvable domains block unqualified senders So what happens is the mail get forwareded to the o2 mail server and the user reads it. The cc and other copy get dropped by the MTA without notification. This is because the the domains are not resolvable as they are in United Arab Emerates or Brasil, through timeous. We will make sendmail so that it does not block unresolvable and unqualified and hope that all the mailscanner will have remove unwanted stuff. I hope this works and has now undesirable effects. Fedora Core 1 Sendmail 8.12.10 Mailscanner 4.38.10-1 Spamassasin 2.63 Mailwatch 0.5.1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmaluski at n1ety.com Wed Mar 2 15:24:01 2005 From: dmaluski at n1ety.com (Dean Maluski) Date: Thu Jan 12 21:28:47 2006 Subject: Mysql Logging Message-ID: Tried setting up mysql logging based on maq. I'm not seeing any errors in logfile but I'm not getting updates in mysql mailscanner table after restarting mailscanner. Sorry for newbie question, I ordered the book a half hour ago. I did read entire contents of mysql FAQ and used both methods. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Mar 2 15:52:47 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, You know that we are all going to try install it on "other" os platforms ;-) Lance Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. > > SMGateway is based on MailScanner, the world's most widely used e-mail > gateway application. SMGateway employs MailScanner in conjunction with > SpamAssassin, ClamAV and your choice of additional commercial virus > scanners to provide the most effective, easy to use, anti-spam and > anti-virus solution available. > > Fortress SMGateway has all of the functionality provided by MailScanner > and SpamAssassin plus extensions and enhancements to provide a simple > web based interface for users and administrators. These added features > allow administrators to more easily install, control and configure > e-mail gateway operations while allowing users and administrators to set > their own spam preferences. > > SMGateway provides a web based administrative interface which allows > administrators to easily: > > .. Configure MailScanner including rule sets > .. Configure e-mail forwarding to any type of Mailhub > .. Setup multiple domains forwarding to different mailhubs > .. Roll-back to previous configurations > .. Easily backup configurations > .. Validate user on mailhub before acceptance of e-mail on gateway > .. Configure allowed file names and file types for attachments > > The Web based interface also allows the site administrator, domain > administrators and individual users to easily set their own spam > preferences, and administer white and black lists. > > Authentication to the web interface is provided for three levels of > users: > > .. Site administrators are allowed to set and change any configuration > data for the entire site. > > .. Domain administrators are allowed to set and change spam preferences, > white and black lists for their specific domains. > > .. Users are able to set their own spam preferences, white and black > lists. > > The user's logon to the user web interface for setting individual or > site preferences is automatically authenticated against their Microsoft > Active Directory or any POP or IMAP mailhub. There is no need to setup > or administer user accounts or logins on the gateway. > > SMGateway includes MailWatch for MailScanner, a real-time console for > MailScanner. MailWatch provides a web based interface for: > > .. Individual Message tracking > .. Release of messages from quarantine > .. Feeding ham (not-spam) and spam to the Bayesian filter > .. E-mail and Spam reporting and statistics > .. Real time message queuing statistics. > > SMGateway automatically installs and configures additional applications > to help identify spam and viruses: > > .. ClamAV is a highly regarded Open Source Virus Scanner > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > servers that collect and count checksums of e-mail messages in order to > detect spam > > .. Pyzor is a collaborative, networked system to detect and block spam > using identifying digests of messages > > .. Razor2 is a distributed, collaborative, spam detection and filtering > Network > > SMGateway supports the simultaneous use of multiple virus scanners > including: > > .. AntiVir > .. AVG > .. BitDefender > .. ClamAV > .. Command > .. CSS > .. DrWeb > .. eTrust > .. F-Prot > .. F-Secure > .. Inoculan > .. Inoculate > .. Kaspersky > .. McAfee > .. Nod32 > .. Norman > .. Panda > .. Sophos > .. SYMSymscan > .. Trend > .. Vexira > > SMGateway is currently supported only on a clean minimal installation of > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > available shortly. > > The installation of MailScanner and all related applications takes > approximately 5 minutes. Configuration for most common setups should > take less than one hour. > Known Limitations in this version include: > > .. Web configuration of per domain and per user allowed filenames and > filetypes is not possible from the GUI. > > .. Release from quarantine using the MailWatch interface is only allowed > for the site administrator. > > Pricing and Support > > SMGateway is available for download from our web site at no charge. > Fortress systems does provide and charge for support and updates. To > maintain a reliable business e-mail system, we strongly advise you > purchase SMGateway in conjunction with a support package: > > Package 1: > Web support; 12 hour response SLA and 1 year of updates > US $849.00 > > Package 2: > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > US $1,648.00 > > Package 3: > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > US $2,547.00 > > Rapid and high quality support is vital in any modern business system. > We provide a range of support packages at standard prices. Please do not > hesitate to contact us if you require a support contract that is not > listed here. > > To ensure we can give all customers who purchase support a very high > quality of service, we are restricting the number of support packages > that we sell. Support packages will be sold starting next Monday, March > 7, on a "first come, first served" basis, and we will limit sales to > avoid compromising our ability to provide high quality services. > > Please visit our web site for additional information on SMGateway: > > http://www.fsl.com/products/SMGateway_release.html > > To download please visit: > > http://www.fsl.com/company/register.php > > For detailed information on features and operations, please download the > manual: > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > For information on a soon to be released appliance that utilizes a > custom version of SMGateway, please visit: > > http://www.optimati.com > > We hope you will find our efforts to be of value to you and your > organization. > > -- > Julian Field and Stephen Swaney > Chief Technology Officer and Chief Operating Officer > Fortress Systems Ltd > www.FSL.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 2 16:18:59 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Is the package pricing below per machine? I think I'd like to switch to it, but I would only want the minimal support package, but I have multiple mailscanner boxes (on each incoming MX, and my outbound relays, with redundant boxes standing by for each). Even the base package would probably get costly for me. Regards Michael Baird > Julian, > > You know that we are all going to try install it on "other" os platforms ;-) > > Lance > > Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > > > SMGateway is based on MailScanner, the world's most widely used e-mail > > gateway application. SMGateway employs MailScanner in conjunction with > > SpamAssassin, ClamAV and your choice of additional commercial virus > > scanners to provide the most effective, easy to use, anti-spam and > > anti-virus solution available. > > > > Fortress SMGateway has all of the functionality provided by MailScanner > > and SpamAssassin plus extensions and enhancements to provide a simple > > web based interface for users and administrators. These added features > > allow administrators to more easily install, control and configure > > e-mail gateway operations while allowing users and administrators to set > > their own spam preferences. > > > > SMGateway provides a web based administrative interface which allows > > administrators to easily: > > > > .. Configure MailScanner including rule sets > > .. Configure e-mail forwarding to any type of Mailhub > > .. Setup multiple domains forwarding to different mailhubs > > .. Roll-back to previous configurations > > .. Easily backup configurations > > .. Validate user on mailhub before acceptance of e-mail on gateway > > .. Configure allowed file names and file types for attachments > > > > The Web based interface also allows the site administrator, domain > > administrators and individual users to easily set their own spam > > preferences, and administer white and black lists. > > > > Authentication to the web interface is provided for three levels of > > users: > > > > .. Site administrators are allowed to set and change any configuration > > data for the entire site. > > > > .. Domain administrators are allowed to set and change spam preferences, > > white and black lists for their specific domains. > > > > .. Users are able to set their own spam preferences, white and black > > lists. > > > > The user's logon to the user web interface for setting individual or > > site preferences is automatically authenticated against their Microsoft > > Active Directory or any POP or IMAP mailhub. There is no need to setup > > or administer user accounts or logins on the gateway. > > > > SMGateway includes MailWatch for MailScanner, a real-time console for > > MailScanner. MailWatch provides a web based interface for: > > > > .. Individual Message tracking > > .. Release of messages from quarantine > > .. Feeding ham (not-spam) and spam to the Bayesian filter > > .. E-mail and Spam reporting and statistics > > .. Real time message queuing statistics. > > > > SMGateway automatically installs and configures additional applications > > to help identify spam and viruses: > > > > .. ClamAV is a highly regarded Open Source Virus Scanner > > > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > > servers that collect and count checksums of e-mail messages in order to > > detect spam > > > > .. Pyzor is a collaborative, networked system to detect and block spam > > using identifying digests of messages > > > > .. Razor2 is a distributed, collaborative, spam detection and filtering > > Network > > > > SMGateway supports the simultaneous use of multiple virus scanners > > including: > > > > .. AntiVir > > .. AVG > > .. BitDefender > > .. ClamAV > > .. Command > > .. CSS > > .. DrWeb > > .. eTrust > > .. F-Prot > > .. F-Secure > > .. Inoculan > > .. Inoculate > > .. Kaspersky > > .. McAfee > > .. Nod32 > > .. Norman > > .. Panda > > .. Sophos > > .. SYMSymscan > > .. Trend > > .. Vexira > > > > SMGateway is currently supported only on a clean minimal installation of > > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > > available shortly. > > > > The installation of MailScanner and all related applications takes > > approximately 5 minutes. Configuration for most common setups should > > take less than one hour. > > Known Limitations in this version include: > > > > .. Web configuration of per domain and per user allowed filenames and > > filetypes is not possible from the GUI. > > > > .. Release from quarantine using the MailWatch interface is only allowed > > for the site administrator. > > > > Pricing and Support > > > > SMGateway is available for download from our web site at no charge. > > Fortress systems does provide and charge for support and updates. To > > maintain a reliable business e-mail system, we strongly advise you > > purchase SMGateway in conjunction with a support package: > > > > Package 1: > > Web support; 12 hour response SLA and 1 year of updates > > US $849.00 > > > > Package 2: > > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > > US $1,648.00 > > > > Package 3: > > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > > US $2,547.00 > > > > Rapid and high quality support is vital in any modern business system. > > We provide a range of support packages at standard prices. Please do not > > hesitate to contact us if you require a support contract that is not > > listed here. > > > > To ensure we can give all customers who purchase support a very high > > quality of service, we are restricting the number of support packages > > that we sell. Support packages will be sold starting next Monday, March > > 7, on a "first come, first served" basis, and we will limit sales to > > avoid compromising our ability to provide high quality services. > > > > Please visit our web site for additional information on SMGateway: > > > > http://www.fsl.com/products/SMGateway_release.html > > > > To download please visit: > > > > http://www.fsl.com/company/register.php > > > > For detailed information on features and operations, please download the > > manual: > > > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > > > For information on a soon to be released appliance that utilizes a > > custom version of SMGateway, please visit: > > > > http://www.optimati.com > > > > We hope you will find our efforts to be of value to you and your > > organization. > > > > -- > > Julian Field and Stephen Swaney > > Chief Technology Officer and Chief Operating Officer > > Fortress Systems Ltd > > www.FSL.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 16:19:20 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 14:15 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Found and fixed. My recursion code was utter rubbish :-) > >Please apply the attached patch to Message.pm. > Julian Thanks. It works now. How did you manage to recreate the problem at your end? Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 2 16:22:08 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: BTW, your download form wouldn't let me enter my information when I specified my Company Name, it responded with a javascript error no matter how I entered it, until I left it blank, at which point I received the success page. Regards Michael Baird > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > > > SMGateway is based on MailScanner, the world's most widely used e-mail > > gateway application. SMGateway employs MailScanner in conjunction with > > SpamAssassin, ClamAV and your choice of additional commercial virus > > scanners to provide the most effective, easy to use, anti-spam and > > anti-virus solution available. > > > > Fortress SMGateway has all of the functionality provided by MailScanner > > and SpamAssassin plus extensions and enhancements to provide a simple > > web based interface for users and administrators. These added features > > allow administrators to more easily install, control and configure > > e-mail gateway operations while allowing users and administrators to set > > their own spam preferences. > > > > SMGateway provides a web based administrative interface which allows > > administrators to easily: > > > > .. Configure MailScanner including rule sets > > .. Configure e-mail forwarding to any type of Mailhub > > .. Setup multiple domains forwarding to different mailhubs > > .. Roll-back to previous configurations > > .. Easily backup configurations > > .. Validate user on mailhub before acceptance of e-mail on gateway > > .. Configure allowed file names and file types for attachments > > > > The Web based interface also allows the site administrator, domain > > administrators and individual users to easily set their own spam > > preferences, and administer white and black lists. > > > > Authentication to the web interface is provided for three levels of > > users: > > > > .. Site administrators are allowed to set and change any configuration > > data for the entire site. > > > > .. Domain administrators are allowed to set and change spam preferences, > > white and black lists for their specific domains. > > > > .. Users are able to set their own spam preferences, white and black > > lists. > > > > The user's logon to the user web interface for setting individual or > > site preferences is automatically authenticated against their Microsoft > > Active Directory or any POP or IMAP mailhub. There is no need to setup > > or administer user accounts or logins on the gateway. > > > > SMGateway includes MailWatch for MailScanner, a real-time console for > > MailScanner. MailWatch provides a web based interface for: > > > > .. Individual Message tracking > > .. Release of messages from quarantine > > .. Feeding ham (not-spam) and spam to the Bayesian filter > > .. E-mail and Spam reporting and statistics > > .. Real time message queuing statistics. > > > > SMGateway automatically installs and configures additional applications > > to help identify spam and viruses: > > > > .. ClamAV is a highly regarded Open Source Virus Scanner > > > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > > servers that collect and count checksums of e-mail messages in order to > > detect spam > > > > .. Pyzor is a collaborative, networked system to detect and block spam > > using identifying digests of messages > > > > .. Razor2 is a distributed, collaborative, spam detection and filtering > > Network > > > > SMGateway supports the simultaneous use of multiple virus scanners > > including: > > > > .. AntiVir > > .. AVG > > .. BitDefender > > .. ClamAV > > .. Command > > .. CSS > > .. DrWeb > > .. eTrust > > .. F-Prot > > .. F-Secure > > .. Inoculan > > .. Inoculate > > .. Kaspersky > > .. McAfee > > .. Nod32 > > .. Norman > > .. Panda > > .. Sophos > > .. SYMSymscan > > .. Trend > > .. Vexira > > > > SMGateway is currently supported only on a clean minimal installation of > > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > > available shortly. > > > > The installation of MailScanner and all related applications takes > > approximately 5 minutes. Configuration for most common setups should > > take less than one hour. > > Known Limitations in this version include: > > > > .. Web configuration of per domain and per user allowed filenames and > > filetypes is not possible from the GUI. > > > > .. Release from quarantine using the MailWatch interface is only allowed > > for the site administrator. > > > > Pricing and Support > > > > SMGateway is available for download from our web site at no charge. > > Fortress systems does provide and charge for support and updates. To > > maintain a reliable business e-mail system, we strongly advise you > > purchase SMGateway in conjunction with a support package: > > > > Package 1: > > Web support; 12 hour response SLA and 1 year of updates > > US $849.00 > > > > Package 2: > > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > > US $1,648.00 > > > > Package 3: > > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > > US $2,547.00 > > > > Rapid and high quality support is vital in any modern business system. > > We provide a range of support packages at standard prices. Please do not > > hesitate to contact us if you require a support contract that is not > > listed here. > > > > To ensure we can give all customers who purchase support a very high > > quality of service, we are restricting the number of support packages > > that we sell. Support packages will be sold starting next Monday, March > > 7, on a "first come, first served" basis, and we will limit sales to > > avoid compromising our ability to provide high quality services. > > > > Please visit our web site for additional information on SMGateway: > > > > http://www.fsl.com/products/SMGateway_release.html > > > > To download please visit: > > > > http://www.fsl.com/company/register.php > > > > For detailed information on features and operations, please download the > > manual: > > > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > > > For information on a soon to be released appliance that utilizes a > > custom version of SMGateway, please visit: > > > > http://www.optimati.com > > > > We hope you will find our efforts to be of value to you and your > > organization. > > > > -- > > Julian Field and Stephen Swaney > > Chief Technology Officer and Chief Operating Officer > > Fortress Systems Ltd > > www.FSL.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 16:26:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 14:15 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Found and fixed. My recursion code was utter rubbish :-) >> >>Please apply the attached patch to Message.pm. >> > > Julian > > Thanks. It works now. > > How did you manage to recreate the problem at your end? Hosed my installation completely, then re-installed a new copy and made the absolute minimum changes required to replicate your setup, but using the non-spam actions and high-scoring spam actions as well as the normal spam actions so that it would trigger every time. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 16:32:41 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Baird > Sent: Wednesday, March 02, 2005 11:22 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > BTW, your download form wouldn't let me enter my information when I > specified my Company Name, it responded with a javascript error no > matter how I entered it, until I left it blank, at which point I > received the success page. > > Regards > Michael Baird > > > We have some error checking on the page which we are tuning in real time. This is now fixed and sorry for the inconvenience. Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Mar 2 16:45:55 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Baird > Sent: Wednesday, March 02, 2005 11:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > Is the package pricing below per machine? I think I'd like to switch to > it, but I would only want the minimal support package, but I have > multiple mailscanner boxes (on each incoming MX, and my outbound relays, > with redundant boxes standing by for each). Even the base package would > probably get costly for me. > > Regards > Michael Baird > The SMGateway products if the first of a few products we plan to produce. It's not suitable for all sites. Its primary intended use is for a site that runs 0 or 1 gateways fronting a mailhub. For example it is an excellent product to front an existing Microsoft Exchange 2003 or Domino Server. It can typically reduce the load and storage requirements on the backend mailhub by 50% simply by rejecting or trapping the really obvious junk. Add to that the ability to run multiple virus scanners and you really have a Secure Email Gateway - thanks to MailScanner. The fact that you can load the minimal OS required, load SMGateway and easily restore a backup configuration in less than an hour makes for a reasonable recovery scenario for a single gateway site. Our SMCluster products will introduce an architecture that will control multiple gateways. We expect it to be available later this year. It will be very reasonably priced by server not by mailbox. I hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 2 16:46:10 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: Will this cause a new release of 4.39.5 to appear? I haven't upgraded yet, and I don't want to do so if another version is on the horizon. Jeff Earickson Colby College On Wed, 2 Mar 2005, Julian Field wrote: > Date: Wed, 2 Mar 2005 14:14:37 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.39.5-1 - is sendmail locking broken again? > > Found and fixed. My recursion code was utter rubbish :-) > > Please apply the attached patch to Message.pm. > > Quentin Campbell wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 02 March 2005 12:24 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >>> >>> Oh, and with "deliver attachment" I can't reproduce the problem :-( >>> >>> >>> >> [snip] >> >> Julian >> >> The patches to Message.pm and MCPMessage.pm make no difference. >> >> Quentin >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 17:17:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, 4.39.6 is on its way, out by the time you have read this. Jeff A. Earickson wrote: > Will this cause a new release of 4.39.5 to appear? I haven't > upgraded yet, and I don't want to do so if another version is > on the horizon. > > Jeff Earickson > Colby College > > On Wed, 2 Mar 2005, Julian Field wrote: > >> Date: Wed, 2 Mar 2005 14:14:37 +0000 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >> Found and fixed. My recursion code was utter rubbish :-) >> >> Please apply the attached patch to Message.pm. >> >> Quentin Campbell wrote: >> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>> Sent: 02 March 2005 12:24 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >>>> >>>> Oh, and with "deliver attachment" I can't reproduce the problem :-( >>>> >>>> >>>> >>> [snip] >>> >>> Julian >>> >>> The patches to Message.pm and MCPMessage.pm make no difference. >>> >>> Quentin >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 17:32:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have released 4.39.6 to include this fix. Don't like a bug that size in a "stable" release! Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 14:15 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Found and fixed. My recursion code was utter rubbish :-) >> >>Please apply the attached patch to Message.pm. >> >> >> >Julian > >Thanks. It works now. > >How did you manage to recreate the problem at your end? > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hb.maillists at DFS.DK Wed Mar 2 17:34:50 2005 From: hb.maillists at DFS.DK (Henrik Bro) Date: Thu Jan 12 21:28:47 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From MailScanner at ecs.soton.ac.uk Wed Mar 2 18:07:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Henrik Bro wrote: >From Julian^Òs e-mail: > >"To ensure we can give all customers who purchase support a very high >quality of service, we are restricting the number of support packages that >we sell." > >I am just not so lucky, that I can persuade my boss before Monday :( so what >to do, if I am not fast enough!... > > We won't be taking any orders for support until Monday and I don^Òt think that any orders placed on Monday or Tuesday will hit our cutoff limit. If you are really concerned, please email steve.swaney@fsl.com off list. >- Is it possible to get updates to the SMGateway products without a service >contract? > > You should be able to download new versions for free as you can now, but these will not be released more than every few months at least. To get the all of the latest protection and features you will need to purchase support. >- Do you plan any special educational / non-profit prices? > > We are considering non-profit discounts. We really need to see what our support costs are before we start discounting. If we do discount, we will refund the price difference to any non-profits. >-----Oprindelig meddelelse----- >Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne >af Stephen Swaney >Sendt: 2. marts 2005 17:46 >Til: MAILSCANNER@JISCMAIL.AC.UK >Emne: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Michael Baird >>Sent: Wednesday, March 02, 2005 11:19 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >> >>Is the package pricing below per machine? I think I'd like to switch >>to it, but I would only want the minimal support package, but I have >>multiple mailscanner boxes (on each incoming MX, and my outbound >>relays, with redundant boxes standing by for each). Even the base >>package would probably get costly for me. >> >>Regards >>Michael Baird >> >> >> >The SMGateway products if the first of a few products we plan to produce. >It's not suitable for all sites. Its primary intended use is for a site that >runs 0 or 1 gateways fronting a mailhub. For example it is an excellent >product to front an existing Microsoft Exchange 2003 or Domino Server. It >can typically reduce the load and storage requirements on the backend >mailhub by 50% simply by rejecting or trapping the really obvious junk. Add >to that the ability to run multiple virus scanners and you really have a >Secure Email Gateway - thanks to MailScanner. > >The fact that you can load the minimal OS required, load SMGateway and >easily restore a backup configuration in less than an hour makes for a >reasonable recovery scenario for a single gateway site. > >Our SMCluster products will introduce an architecture that will control >multiple gateways. We expect it to be available later this year. It will be >very reasonably priced by server not by mailbox. > >I hope this helps, > >Steve > >Steve Swaney >President >Fortress Systems Ltd. >Phone: 202 338-1670 >Cell: 202 352-3262 >www.fsl.com >steve.swaney@fsl.com > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Mar 2 18:28:10 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. - Active Directory Authentication? What about Kerberos? (POP/IMAP is good enough for us (since those check against our Kerberos pass phrases), but I'm curious if you're doing AD via LDAP, or AD via Kerberos, or some other aspect of AD authentication I'm not aware of ... and if you're doing it via AD's LDAP functionality, I wonder why you didn't also list LDAP authentication in the blurb) - Redhat only? No Solaris support? Any Solaris support planned? - Also, we use an array of machines to do our mailscanner work right now. Does SMGateway support this (Ie. users only have to set their options on one machine, instead of having to touch all 4 of them?). My impression is that because you're using MailWatch, which I thought uses mysql for various things, then it might be possible to put the mysql database on a separate machine, and thus have multiple work-horse machines that all use 1 configuration database. Is that an appropriate/accurate assumption? - When you say 1 year of updates, what do you mean exactly? (I mean, if it's free to download, does that mean I could install the new versions by hand for free, but you have some stream lined auto-update engine that costs money to keep feeding it? or is there some other aspect of updates that's not clearly being presented here? or what?) (don't get me wrong, the compelling part of the prices is the support contracts, and if we were to go down the SMGateway path, we would be getting a support contract regardless of what the updates part means ... but I'm curious what that part of the contract _actually_ means, considering the download is free) Since I've asked those other questions, I might as well ask these: - instead of email forwarding being user configured, can the administrator(s) turn it off and make it completely unavailable to the end user? We have other methods for setting up user forwards, and those need to remain our authoritative mechanisms. - does it allow per-user bayes databases? - does it allow bayes databases to be completely disabled? - it talks about mailwatch doing quarantine management; does MailWatch get upset if you turn off quarantining completely? - I recently wrote a script that reads through the sendmail and mailscanner syslogs and extracts data about each virus (relay that sent it, mail queue ID, viruses that were in the message, claimed SMTP Mail-From, date and time of the message) and mails $relay@abuse.net with a report about each infected message that relay sent us (1 stanza per message) ... I seem to recall that one of the things that MailWatch does with mysql is logging to mysql; can I still have it also do logging to syslog, so I don't have to re-write my nightly report? (we're actually evaluating vendor supported alternatives to MailScanner* right now ... including things like Sophos Pure Message and Ironport, etc. So, it's very interesting to me that this product would come out right as we're doing that, it might allow us to put MailScanner into our list of products; but Solaris and Clustering are on our requirements list (as "must") ... Linux and FreeBSD are just on our "should" list; if Solaris and Clustering are there, I could easily add this to our list of products to evaluate) (* I'm not unsatisfied with mailscanner, it's just that we have a larger set of interests and requirements that are being evaluated, and we would have to "roll our own" to just use mailscanner in that new picture ... which we would rather not do, so we're looking at our alternatives; a lot of what we're looking for, though, is on the list of SMGateway's features) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shrek-m at GMX.DE Wed Mar 2 19:03:08 2005 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:28:47 2006 Subject: [RFE] bugzilla.mailscanner.info (was: Re: Beta release 4.39.4) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I always try to at least reply, but good ideas do get lost sometimes. "good ideas" should not get lost "bugs" should not get lost "patches" should not get lost ... http://www.bugzilla.org (mysql) https://bugzilla.redhat.com/bugzilla/ (postgresql) https://bugzilla.mozilla.org/page.cgi?id=fields.html#bug_severity Enhancement = request for enhancement = RFE eg. http://bugzilla.mailscanner.info -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 20:01:40 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: FW: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 1:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Our design goal was "no user account maintenance on the Gateway" and we tried to keep it as simple as possible and the word LDAP scares some people :). Even older Exchange servers can be configure to use POP or IMAP so we can pretty much allow any user to authenticate and log into the SMGateway server to set spam preferences with no need to setup users on the gateway. In the same vein, the ability to use milter-ahead means that for most back end mailhubs, rejecting email for unknown users is as simple as clicking on a checkbox > > - Redhat only? No Solaris support? Any Solaris support planned? > This is intended to be our lower cost, single gateway offering. As such, we felt the right OS to support first would be Red Hat and CentOS. Other OS support is being considered. Also please see my remarks on clustering below. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). My > impression is that because you're using MailWatch, which I thought uses > mysql for various things, then it might be possible to put the mysql > database on a separate machine, and thus have multiple work-horse > machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? This will be our SMCluster configuration due out later in the year. The architecture is already present in SMGateway. A SQL server stores configuration data and checkpoints (for roll backs) and populates and LDAP directory. In the SMCluster architecture, the web interface, database and LDAP directory are hosted on a standalone server. Each gateway has an LDAP replica and a few synchronized files. We have a few other tricks planned for SMCluster setup but that is the basic plan. > > - When you say 1 year of updates, what do you mean exactly? (I mean, > if it's free to download, does that mean I could install the new > versions by hand for free, but you have some stream lined auto-update > engine that costs money to keep feeding it? or is there some other > aspect of updates that's not clearly being presented here? or what?) > (don't get me wrong, the compelling part of the prices is the support > contracts, and if we were to go down the SMGateway path, we would be > getting a support contract regardless of what the updates part means > ... but I'm curious what that part of the contract _actually_ means, > considering the download is free) Yet it's free to download and use and yes you could simply keep updating by downloading and installing the new application and restoring your preferences. An experienced administrator could update many parts simply by building their own rpms to our specs. All of this would be fine with us. Our target customer is an organization that can see the benefits and cost savings of paying experts to do what experts do well and efficiently. We believe that for most organizations the maintenance costs of our SMGateway solution will be less than the cost of trying to keep all of the applications updated in-house. Our goal is to make an integrated MailScanner, SpamAssassin and MailWatch server so simple to install, configure and maintain that it will become the most obvious solution to the spam and virus problem. We hope to do this at a cost that will be affordable for everyone. Please note that the package consists of +70 rpms that all reside in /opt/Fortress. It took a lot longer to develop this way but we are as independent as possible from the Architecture and problems that can be caused by Operating System Updates. Anyone who has seen the operating system update package-skip-list(s) needed on Ensim or C-panel systems can appreciate the benefits of this approach. It also means that we can more quickly react to easily update individual applications as required. This has been difficult for most of our competition. Timely updating is absolutely essential for and anti-spam or anti-virus solution. > > Since I've asked those other questions, I might as well ask these: > > - instead of email forwarding being user configured, can the > administrator(s) turn it off and make it completely unavailable to the > end user? We have other methods for setting up user forwards, and > those need to remain our authoritative mechanisms. > We had not considered this but there is no reason that it could not be incorporated. > - does it allow per-user bayes databases? > No > - does it allow bayes databases to be completely disabled? > Yes > - it talks about mailwatch doing quarantine management; does MailWatch > get upset if you turn off quarantining completely? > Not at all. MailWatch never gets upset. It is quite a happy application :) > - I recently wrote a script that reads through the sendmail and > mailscanner syslogs and extracts data about each virus (relay that sent > it, mail queue ID, viruses that were in the message, claimed SMTP > Mail-From, date and time of the message) and mails $relay@abuse.net > with a report about each infected message that relay sent us (1 stanza > per message) ... I seem to recall that one of the things that MailWatch > does with mysql is logging to mysql; can I still have it also do > logging to syslog, so I don't have to re-write my nightly report? > You would probably find the MailWatch Database a rich place to mine for any customized reporting. I've had a peek at the latest cvs version and MailWatch is definitely an application you want to keep an eye on. > > (we're actually evaluating vendor supported alternatives to > MailScanner* right now ... including things like Sophos Pure Message > and Ironport, etc. So, it's very interesting to me that this product > would come out right as we're doing that, it might allow us to put > MailScanner into our list of products; but Solaris and Clustering are > on our requirements list (as "must") ... Linux and FreeBSD are just on > our "should" list; if Solaris and Clustering are there, I could easily > add this to our list of products to evaluate) > I know that clustering will be coming and with clustering, we will need to support the sleeker and more expensive hardware. Right now we are installing and supporting some fairly large multiple gateway solutions using MailScanner, SpamAssassin and MailWatch + custom programming and they work very well. We know there are some very large installations that use MailScanner successfully. We hope our clustering solution will make the administration of MailScanner in the enterprise a bit easier to install, maintain and operate. If you or any other enterprise sites are interested in working with us on the development of the SMCluster software, please email me off list. > (* I'm not unsatisfied with mailscanner, it's just that we have a > larger set of interests and requirements that are being evaluated, and > we would have to "roll our own" to just use mailscanner in that new > picture ... which we would rather not do, so we're looking at our > alternatives; a lot of what we're looking for, though, is on the list > of SMGateway's features) SMGateway is not and was not intended to be the product for every site. For smaller sites it can be the best solution available at any cost. While there are no hard and fast rules because of the differences between sites, I'd guess that for sites with under 75 users, outsourcing to an experienced site that uses MailScanner for email processing will be the most cost effective solution. Most of the MailScanner hosting sites here in the US appear to charge about 1/2 the price charged by Brightmail and Postini (who won't even talk to small sites). For the 75 to 2000 mailbox sites, SMGateway can be a very effective solution. Thanks for the questions, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Wed Mar 2 20:34:25 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Kudos to you all. What would really further interest and excite me is tight intergration with Exchange's existing spam mechanimism via the Spam Confidence Level. Did you guys have any plans in this regard? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, March 02, 2005 9:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: New commercial product SMGateway We are pleased to announce SMGateway, the first Secure Mail Gateway product from Fortress Systems Ltd. SMGateway is based on MailScanner, the world's most widely used e-mail gateway application. SMGateway employs MailScanner in conjunction with SpamAssassin, ClamAV and your choice of additional commercial virus scanners to provide the most effective, easy to use, anti-spam and anti-virus solution available. Fortress SMGateway has all of the functionality provided by MailScanner and SpamAssassin plus extensions and enhancements to provide a simple web based interface for users and administrators. These added features allow administrators to more easily install, control and configure e-mail gateway operations while allowing users and administrators to set their own spam preferences. SMGateway provides a web based administrative interface which allows administrators to easily: . Configure MailScanner including rule sets . Configure e-mail forwarding to any type of Mailhub . Setup multiple domains forwarding to different mailhubs . Roll-back to previous configurations . Easily backup configurations . Validate user on mailhub before acceptance of e-mail on gateway . Configure allowed file names and file types for attachments The Web based interface also allows the site administrator, domain administrators and individual users to easily set their own spam preferences, and administer white and black lists. Authentication to the web interface is provided for three levels of users: . Site administrators are allowed to set and change any configuration data for the entire site. . Domain administrators are allowed to set and change spam preferences, white and black lists for their specific domains. . Users are able to set their own spam preferences, white and black lists. The user's logon to the user web interface for setting individual or site preferences is automatically authenticated against their Microsoft Active Directory or any POP or IMAP mailhub. There is no need to setup or administer user accounts or logins on the gateway. SMGateway includes MailWatch for MailScanner, a real-time console for MailScanner. MailWatch provides a web based interface for: . Individual Message tracking . Release of messages from quarantine . Feeding ham (not-spam) and spam to the Bayesian filter . E-mail and Spam reporting and statistics . Real time message queuing statistics. SMGateway automatically installs and configures additional applications to help identify spam and viruses: . ClamAV is a highly regarded Open Source Virus Scanner . DCC (Distributed Checksum Clearinghouse) is a System of clients and servers that collect and count checksums of e-mail messages in order to detect spam . Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages . Razor2 is a distributed, collaborative, spam detection and filtering Network SMGateway supports the simultaneous use of multiple virus scanners including: . AntiVir . AVG . BitDefender . ClamAV . Command . CSS . DrWeb . eTrust . F-Prot . F-Secure . Inoculan . Inoculate . Kaspersky . McAfee . Nod32 . Norman . Panda . Sophos . SYMSymscan . Trend . Vexira SMGateway is currently supported only on a clean minimal installation of Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be available shortly. The installation of MailScanner and all related applications takes approximately 5 minutes. Configuration for most common setups should take less than one hour. Known Limitations in this version include: . Web configuration of per domain and per user allowed filenames and filetypes is not possible from the GUI. . Release from quarantine using the MailWatch interface is only allowed for the site administrator. Pricing and Support SMGateway is available for download from our web site at no charge. Fortress systems does provide and charge for support and updates. To maintain a reliable business e-mail system, we strongly advise you purchase SMGateway in conjunction with a support package: Package 1: Web support; 12 hour response SLA and 1 year of updates US $849.00 Package 2: 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates US $1,648.00 Package 3: 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates US $2,547.00 Rapid and high quality support is vital in any modern business system. We provide a range of support packages at standard prices. Please do not hesitate to contact us if you require a support contract that is not listed here. To ensure we can give all customers who purchase support a very high quality of service, we are restricting the number of support packages that we sell. Support packages will be sold starting next Monday, March 7, on a "first come, first served" basis, and we will limit sales to avoid compromising our ability to provide high quality services. Please visit our web site for additional information on SMGateway: http://www.fsl.com/products/SMGateway_release.html To download please visit: http://www.fsl.com/company/register.php For detailed information on features and operations, please download the manual: http://www.fsl.com/support/Fortress-SMGateway-manual.pdf For information on a soon to be released appliance that utilizes a custom version of SMGateway, please visit: http://www.optimati.com We hope you will find our efforts to be of value to you and your organization. -- Julian Field and Stephen Swaney Chief Technology Officer and Chief Operating Officer Fortress Systems Ltd www.FSL.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 20:42:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! We have not yet implemented support for Exchange's Spam Confidence Level, but it is certainly something we will look at for a future release. Errol Neal wrote: >Kudos to you all. >What would really further interest and excite me is tight intergration >with Exchange's existing spam mechanimism via the Spam Confidence Level. >Did you guys have any plans in this regard? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 20:49:43 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Excellent response. I dropped him a line direct with a bcc to yyou. What a team :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, March 02, 2005 3:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > Thanks! > We have not yet implemented support for Exchange's Spam Confidence > Level, but it is certainly something we will look at for a future release. > > Errol Neal wrote: > > >Kudos to you all. > >What would really further interest and excite me is tight intergration > >with Exchange's existing spam mechanimism via the Spam Confidence Level. > >Did you guys have any plans in this regard? > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:14:04 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That really look slike a fantastic product - kudos to you all. It looks as though it will suit the Exchange admins who have ebnever touched linux before? install the os, install your RPM and your set? But for those of us who dont really care about having a gui to ms.conf will we be missing anything sticking with mailscanner? Or would it even be more benificial sticking with MS as the release frequency of the free to donwload version of SM gateway is likely to be less thab MS ? MS development will continue as normal? Will the GUIs bits be available for us to intsall on existing systems? Will SMgateway support things like postfix? Will any of you development gurus ever builds a search feature for mailwatch ? :) Do you ahve plans to build this type thing on an ISP scale? (10s of thousands of users) Will mailling list type support be on another list of this one? Thanks Pete Stephen Swaney wrote: > Excellent response. I dropped him a line direct with a bcc to yyou. > > What a team :) > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Wednesday, March 02, 2005 3:42 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >> >>Thanks! >>We have not yet implemented support for Exchange's Spam Confidence >>Level, but it is certainly something we will look at for a future release. >> >>Errol Neal wrote: >> >> >>>Kudos to you all. >>>What would really further interest and excite me is tight intergration >>>with Exchange's existing spam mechanimism via the Spam Confidence Level. >>>Did you guys have any plans in this regard? >>> >>> >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 21:06:49 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > >> We are pleased to announce SMGateway, the first Secure Mail Gateway >> product from Fortress Systems Ltd. > > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Recipient checking is available via LDAP and milter-ahead (basically, it opens a persistent SMTP channel to the mailhub and does RCPT TO's, with some intelligent caching) > - Redhat only? No Solaris support? Any Solaris support planned? The biggest (and really the only) barrier to using it on other platforms is the fact that the product is totally RPM based. I would love to be able to run it on FreeBSD as that is what we run our MailScanner machines on now, but it would require some work to get things going. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). My > impression is that because you're using MailWatch, which I thought uses > mysql for various things, then it might be possible to put the mysql > database on a separate machine, and thus have multiple work-horse > machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? That would require SMCluster, which isn't out yet.. (we have the same config, and need it too) -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew.allen at ZEALOUSWORKS.COM Wed Mar 2 21:19:07 2005 From: andrew.allen at ZEALOUSWORKS.COM (Andrew Allen) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn’t? When will SMGateway support RHEL 4? Sorry if it’s been asked before… Kind Regards, Andrew Allen (MCSE BCIP) • Director & Principle Consultant • Zealous Works Ltd // http://www.zealousworks.com/ • Voice: +44 (0) 870 922 0527 • Fax: +44 (0) 870 460 1527 • • Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks • Disclaimer: Email from people at zealousworks.com does not necessarily represent official policy of Zealous Works Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 21:31:09 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > But for those of us who dont really care about having a gui to ms.conf > will we be missing anything sticking with mailscanner? Or would it even > be more benificial sticking with MS as the release frequency of the free > to donwload version of SM gateway is likely to be less thab MS ? Per user whitelist/blacklists, MailWatch, ability for domain admins to control their own spam prefs, etc.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:33:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > That really look slike a fantastic product - kudos to you all. Thanks, much appreciated! > > It looks as though it will suit the Exchange admins who have ebnever > touched linux before? install the os, install your RPM and your set? That's the idea, yes. There are an awful lot of Exchange admins out there who are desperate for a solution they can afford. And if you want us to manage your entire server, including all OS updates and patches, the whole works, then we can do that for you too. The instructions we send you even include a click-by-click guide to installing the OS so you really don't need to know how to do anything other than put a CD into the drive and follow instructions. > But for those of us who dont really care about having a gui to ms.conf > will we be missing anything sticking with mailscanner? No. There is only one version of the source of MailScanner, and I have no intention of letting that change. > Or would it even > be more benificial sticking with MS as the release frequency of the free > to donwload version of SM gateway is likely to be less thab MS ? If you are happy to admin MS as you do now, then stick with the www.mailscanner.info version of the system. The cores are the same, but we may well not update SMGateway as fast as I update MailScanner itself. > > MS development will continue as normal? Yes. > > Will the GUIs bits be available for us to intsall on existing systems? You can always tear apart the SMGateway download and use bits of it. We are quite happy for you to do that if you want to, but you won't be able to get support via the standard packages, you would be asking for custom support for your system if you need it. > Will SMgateway support things like postfix? Not yet, but that is planned for a future release. > > Will any of you development gurus ever builds a search feature for > mailwatch ? :) Ask on the MailWatch mailing list and see what Steve is up to in that regard. > > Do you ahve plans to build this type thing on an ISP scale? (10s of > thousands of users) There will be a SMCluster package towards the end of this year, which will be designed to handle a cluster of MailScanner servers. This should have abilities such as treating the quarantine as a single entity, regardless of how it is actually stored. Given enough horsepower, SMGateway will already handle tens of thousands of users, but MailWatch's requirements are quite high for very busy mail servers. > > Will mailling list type support be on another list of this one? We are still working on that one. You will of course be able to get help from the MailScanner community as you can now, where the issue is actually to do with MailScanner itself and not one of the extra components. > Stephen Swaney wrote: > >> Excellent response. I dropped him a line direct with a bcc to yyou. >> >> What a team :) >> >> Steve >> >> Steve Swaney >> President >> Fortress Systems Ltd. >> Phone: 202 338-1670 >> Cell: 202 352-3262 >> www.fsl.com >> steve.swaney@fsl.com >> >> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Julian Field >>> Sent: Wednesday, March 02, 2005 3:42 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >>> >>> Thanks! >>> We have not yet implemented support for Exchange's Spam Confidence >>> Level, but it is certainly something we will look at for a future >>> release. >>> >>> Errol Neal wrote: >>> >>> >>>> Kudos to you all. >>>> What would really further interest and excite me is tight intergration >>>> with Exchange's existing spam mechanimism via the Spam Confidence >>>> Level. >>>> Did you guys have any plans in this regard? >>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:42:16 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Am running MailScanner on RHEL on 3 machines with SA3, clam and bitdefender etc Working beautifully - we have selinux OFF - but intend to test it further. I know bitdefedner wont work with seliniux on. Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Andrew Allen >>Sent: Wednesday, March 02, 2005 4:19 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Red Hat Enterprise Linux 4 >> > > > Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn't? > >>When will SMGateway support RHEL 4? > > > Probably runs now. We just haven't had time to test but will do so very > shortly. > > >>Sorry if it's been asked before. >>Kind Regards, >> >>Andrew Allen (MCSE BCIP) >>. Director & Principle Consultant . >> > > > Stewve > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:41:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quick correction: Peter Russell wrote: > Will any of you development gurus ever builds a search feature for > mailwatch ? :) It's already there. Look at the reports page. You can add filters in all of the later versions. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:35:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Andrew Allen wrote: > Is anyone yet running MailScanner on RHEL 4? > I believe so, yes. Check the list archive. > Any reasons why I shouldn^Òt? > No. > When will SMGateway support RHEL 4? > It's one of the subjects of our first update. > Sorry if it^Òs been asked before^Å > > > Kind Regards, > > **Andrew Allen** (MCSE BCIP) > ^Õ Director & Principle Consultant ^Õ > > > **Zealous Works Ltd // http://www.zealousworks.com/** > > ^Õ Voice: +44 (0) 870 922 0527 ^Õ Fax: +44 (0) 870 460 1527 ^Õ > ^Õ Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks ^Õ > > **Disclaimer: Email from people at zealousworks.com does not > necessarily represent official policy of Zealous Works Ltd.** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 21:35:31 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Andrew Allen > Sent: Wednesday, March 02, 2005 4:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Red Hat Enterprise Linux 4 > Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn't? > When will SMGateway support RHEL 4? Probably runs now. We just haven't had time to test but will do so very shortly. > Sorry if it's been asked before. > Kind Regards, > > Andrew Allen (MCSE BCIP) > . Director & Principle Consultant . > Stewve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:46:27 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fantastic sutff, thanks so much for the detailed reply - its pretty darned exciting. And the servioce you guys provide - I am sure you will be a letter from the queen any day for the Order of Anit Virus and Anti Spam Empire ? :) Julian Field wrote: > Peter Russell wrote: > >> That really look slike a fantastic product - kudos to you all. > > > Thanks, much appreciated! > >> >> It looks as though it will suit the Exchange admins who have ebnever >> touched linux before? install the os, install your RPM and your set? > > > That's the idea, yes. > There are an awful lot of Exchange admins out there who are desperate > for a solution they can afford. > > And if you want us to manage your entire server, including all OS > updates and patches, the whole works, then we can do that for you too. > The instructions we send you even include a click-by-click guide to > installing the OS so you really don't need to know how to do anything > other than put a CD into the drive and follow instructions. > >> But for those of us who dont really care about having a gui to ms.conf >> will we be missing anything sticking with mailscanner? > > > No. There is only one version of the source of MailScanner, and I have > no intention of letting that change. > >> Or would it even >> be more benificial sticking with MS as the release frequency of the free >> to donwload version of SM gateway is likely to be less thab MS ? > > > If you are happy to admin MS as you do now, then stick with the > www.mailscanner.info version of the system. The cores are the same, but > we may well not update SMGateway as fast as I update MailScanner itself. > >> >> MS development will continue as normal? > > > Yes. > >> >> Will the GUIs bits be available for us to intsall on existing systems? > > > You can always tear apart the SMGateway download and use bits of it. We > are quite happy for you to do that if you want to, but you won't be able > to get support via the standard packages, you would be asking for custom > support for your system if you need it. > >> Will SMgateway support things like postfix? > > > Not yet, but that is planned for a future release. > >> >> Will any of you development gurus ever builds a search feature for >> mailwatch ? :) > > > Ask on the MailWatch mailing list and see what Steve is up to in that > regard. > >> >> Do you ahve plans to build this type thing on an ISP scale? (10s of >> thousands of users) > > > There will be a SMCluster package towards the end of this year, which > will be designed to handle a cluster of MailScanner servers. This should > have abilities such as treating the quarantine as a single entity, > regardless of how it is actually stored. Given enough horsepower, > SMGateway will already handle tens of thousands of users, but > MailWatch's requirements are quite high for very busy mail servers. > >> >> Will mailling list type support be on another list of this one? > > > We are still working on that one. You will of course be able to get help > from the MailScanner community as you can now, where the issue is > actually to do with MailScanner itself and not one of the extra components. > >> Stephen Swaney wrote: >> >>> Excellent response. I dropped him a line direct with a bcc to yyou. >>> >>> What a team :) >>> >>> Steve >>> >>> Steve Swaney >>> President >>> Fortress Systems Ltd. >>> Phone: 202 338-1670 >>> Cell: 202 352-3262 >>> www.fsl.com >>> steve.swaney@fsl.com >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: Wednesday, March 02, 2005 3:42 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >>>> >>>> Thanks! >>>> We have not yet implemented support for Exchange's Spam Confidence >>>> Level, but it is certainly something we will look at for a future >>>> release. >>>> >>>> Errol Neal wrote: >>>> >>>> >>>>> Kudos to you all. >>>>> What would really further interest and excite me is tight intergration >>>>> with Exchange's existing spam mechanimism via the Spam Confidence >>>>> Level. >>>>> Did you guys have any plans in this regard? >>>>> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hb.maillists at DFS.DK Wed Mar 2 21:47:38 2005 From: hb.maillists at DFS.DK (Henrik Bro) Date: Thu Jan 12 21:28:48 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is what I have been dreaming about for a long time :) But I have a question?: Does the milter-ahead in SMGateway support closed mail-lists. I have tried to use it before, but could not get it to work. I think the problem was, that when the MS server did RCPT TO, it used a blank MAIL FROM. /henrik -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Stephen Swaney Sendt: 2. marts 2005 21:02 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: FW: MailScanner ANNOUNCE: New commercial product SMGateway > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 1:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Our design goal was "no user account maintenance on the Gateway" and we tried to keep it as simple as possible and the word LDAP scares some people :). Even older Exchange servers can be configure to use POP or IMAP so we can pretty much allow any user to authenticate and log into the SMGateway server to set spam preferences with no need to setup users on the gateway. In the same vein, the ability to use milter-ahead means that for most back end mailhubs, rejecting email for unknown users is as simple as clicking on a checkbox > > - Redhat only? No Solaris support? Any Solaris support planned? > This is intended to be our lower cost, single gateway offering. As such, we felt the right OS to support first would be Red Hat and CentOS. Other OS support is being considered. Also please see my remarks on clustering below. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). > My impression is that because you're using MailWatch, which I thought > uses mysql for various things, then it might be possible to put the > mysql database on a separate machine, and thus have multiple > work-horse machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? This will be our SMCluster configuration due out later in the year. The architecture is already present in SMGateway. A SQL server stores configuration data and checkpoints (for roll backs) and populates and LDAP directory. In the SMCluster architecture, the web interface, database and LDAP directory are hosted on a standalone server. Each gateway has an LDAP replica and a few synchronized files. We have a few other tricks planned for SMCluster setup but that is the basic plan. > > - When you say 1 year of updates, what do you mean exactly? (I mean, > if it's free to download, does that mean I could install the new > versions by hand for free, but you have some stream lined auto-update > engine that costs money to keep feeding it? or is there some other > aspect of updates that's not clearly being presented here? or what?) > (don't get me wrong, the compelling part of the prices is the support > contracts, and if we were to go down the SMGateway path, we would be > getting a support contract regardless of what the updates part means > ... but I'm curious what that part of the contract _actually_ means, > considering the download is free) Yet it's free to download and use and yes you could simply keep updating by downloading and installing the new application and restoring your preferences. An experienced administrator could update many parts simply by building their own rpms to our specs. All of this would be fine with us. Our target customer is an organization that can see the benefits and cost savings of paying experts to do what experts do well and efficiently. We believe that for most organizations the maintenance costs of our SMGateway solution will be less than the cost of trying to keep all of the applications updated in-house. Our goal is to make an integrated MailScanner, SpamAssassin and MailWatch server so simple to install, configure and maintain that it will become the most obvious solution to the spam and virus problem. We hope to do this at a cost that will be affordable for everyone. Please note that the package consists of +70 rpms that all reside in /opt/Fortress. It took a lot longer to develop this way but we are as independent as possible from the Architecture and problems that can be caused by Operating System Updates. Anyone who has seen the operating system update package-skip-list(s) needed on Ensim or C-panel systems can appreciate the benefits of this approach. It also means that we can more quickly react to easily update individual applications as required. This has been difficult for most of our competition. Timely updating is absolutely essential for and anti-spam or anti-virus solution. > > Since I've asked those other questions, I might as well ask these: > > - instead of email forwarding being user configured, can the > administrator(s) turn it off and make it completely unavailable to the > end user? We have other methods for setting up user forwards, and > those need to remain our authoritative mechanisms. > We had not considered this but there is no reason that it could not be incorporated. > - does it allow per-user bayes databases? > No > - does it allow bayes databases to be completely disabled? > Yes > - it talks about mailwatch doing quarantine management; does MailWatch > get upset if you turn off quarantining completely? > Not at all. MailWatch never gets upset. It is quite a happy application :) > - I recently wrote a script that reads through the sendmail and > mailscanner syslogs and extracts data about each virus (relay that > sent it, mail queue ID, viruses that were in the message, claimed SMTP > Mail-From, date and time of the message) and mails $relay@abuse.net > with a report about each infected message that relay sent us (1 stanza > per message) ... I seem to recall that one of the things that > MailWatch does with mysql is logging to mysql; can I still have it > also do logging to syslog, so I don't have to re-write my nightly report? > You would probably find the MailWatch Database a rich place to mine for any customized reporting. I've had a peek at the latest cvs version and MailWatch is definitely an application you want to keep an eye on. > > (we're actually evaluating vendor supported alternatives to > MailScanner* right now ... including things like Sophos Pure Message > and Ironport, etc. So, it's very interesting to me that this product > would come out right as we're doing that, it might allow us to put > MailScanner into our list of products; but Solaris and Clustering are > on our requirements list (as "must") ... Linux and FreeBSD are just on > our "should" list; if Solaris and Clustering are there, I could easily > add this to our list of products to evaluate) > I know that clustering will be coming and with clustering, we will need to support the sleeker and more expensive hardware. Right now we are installing and supporting some fairly large multiple gateway solutions using MailScanner, SpamAssassin and MailWatch + custom programming and they work very well. We know there are some very large installations that use MailScanner successfully. We hope our clustering solution will make the administration of MailScanner in the enterprise a bit easier to install, maintain and operate. If you or any other enterprise sites are interested in working with us on the development of the SMCluster software, please email me off list. > (* I'm not unsatisfied with mailscanner, it's just that we have a > larger set of interests and requirements that are being evaluated, and > we would have to "roll our own" to just use mailscanner in that new > picture ... which we would rather not do, so we're looking at our > alternatives; a lot of what we're looking for, though, is on the list > of SMGateway's features) SMGateway is not and was not intended to be the product for every site. For smaller sites it can be the best solution available at any cost. While there are no hard and fast rules because of the differences between sites, I'd guess that for sites with under 75 users, outsourcing to an experienced site that uses MailScanner for email processing will be the most cost effective solution. Most of the MailScanner hosting sites here in the US appear to charge about 1/2 the price charged by Brightmail and Postini (who won't even talk to small sites). For the 75 to 2000 mailbox sites, SMGateway can be a very effective solution. Thanks for the questions, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew.allen at ZEALOUSWORKS.COM Wed Mar 2 21:53:42 2005 From: andrew.allen at ZEALOUSWORKS.COM (Andrew Allen) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner Guestbook Message-ID: Off topic a little, but I noticed the guestbook has been attracting spam recently: http://www.sng.ecs.soton.ac.uk/mailscanner/book/guestbook.php Also, I sent an email to info@fcl.com earlier and noticed it bounced back: info@fsl.com on 02/03/2005 15:27 You do not have permission to send to this recipient. For assistance, contact your system administrator. ... User unknown> Kind Regards, Andrew Allen (MCSE BCIP) • Director & Principle Consultant • Zealous Works Ltd // http://www.zealousworks.com/ • Voice: +44 (0) 870 922 0527 • Fax: +44 (0) 870 460 1527 • • Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks • Disclaimer: Email from people at zealousworks.com does not necessarily represent official policy of Zealous Works Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 22:01:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Henrik Bro > Sent: Wednesday, March 02, 2005 4:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway > > This is what I have been dreaming about for a long time :) > Thanks for the kind words > But I have a question?: > > Does the milter-ahead in SMGateway support closed mail-lists. I have tried > to use it before, but could not get it to work. > > I think the problem was, that when the MS server did RCPT TO, it used a > blank MAIL FROM. > Milter-ahead will accept email only if destination mailhub will accept email for the recipients address. If mail to the address is deliverable on the mail hub, it will be accepted on the gateway. Where Milter-ahead is quite nice is its intelligent error handling and intelligent caching of results. For all the details please visit: http://www.milter.info/milter-ahead/index.shtml Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Mar 2 22:01:45 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: On Mar 2, 2005, at 13:06, Mike Bacher wrote: > John Rudd wrote: >> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: >> >>> We are pleased to announce SMGateway, the first Secure Mail Gateway >>> product from Fortress Systems Ltd. >> >> >> - Active Directory Authentication? What about Kerberos? (POP/IMAP is >> good enough for us (since those check against our Kerberos pass >> phrases), but I'm curious if you're doing AD via LDAP, or AD via >> Kerberos, or some other aspect of AD authentication I'm not aware of >> ... and if you're doing it via AD's LDAP functionality, I wonder why >> you didn't also list LDAP authentication in the blurb) > > Recipient checking is available via LDAP and milter-ahead (basically, > it opens a > persistent SMTP channel to the mailhub and does RCPT TO's, with some > intelligent caching) So, what exactly is milter-ahead? Is this just a few checks that are done as part of a milter, or is this doing the full mailscanner implementation in a milter? (and, what we do now is distribute an aliases file to each of our sendmail boxes, and those are how we get valid vs not-valid address support for our scanning boxes; the file is automated generated every few hours, and the sendmail boxes also periodically/automatically import it; part of this is a legacy issue and part of it is because our older mailing list system uses the aliases file for lists) Do domains have default forwards? It might be interesting to say that the default forward for a given domain is to send it to mailhub A, and the default domain to send it to for a second domain is mailhub B, but not allow users to over-ride that, and yet still have this recipient checking going on to insure that the end address is valid. (our existing mechanisms is that our athena based account management system manages the aliases file, both for mailing lists and user forwards; that information also gets extracted and incorporated into communigate pro's "redirect" option; users can manage either of them, but we're planning to retire the athena stuff, so the authoritative location will be the end mail hub, not the scanning hosts, so what we want the scanning hosts to do is just send it all to the mailhub. But, it has to be the right mailhub for that domain, and it has to be rejecting invalid addresses at the front door. Our existing plan had been to just munge the aliases file, but if SMGateway has domain defaults for that kind of thing, then that allows us to eliminate that piece) >> - Redhat only? No Solaris support? Any Solaris support planned? > > The biggest (and really the only) barrier to using it on other > platforms is the fact that > the product is totally RPM based. I would love to be able to run it > on FreeBSD as that is > what we run our MailScanner machines on now, but it would require some > work to get things > going. Hm. So, does that mean that if you move toward supporting Solaris you would: a) require the customer to have RPM on Solaris? (we used to do all of a bunch of internal solaris packaging with rpm's at Cygnus) b) support Solaris pkg's? c) come up with a tar based distribution? (I think any of those is fine, just curious what direction you might go) >> - Also, we use an array of machines to do our mailscanner work right >> now. Does SMGateway support this (Ie. users only have to set their >> options on one machine, instead of having to touch all 4 of them?). >> My >> impression is that because you're using MailWatch, which I thought >> uses >> mysql for various things, then it might be possible to put the mysql >> database on a separate machine, and thus have multiple work-horse >> machines that all use 1 configuration database. Is that an >> appropriate/accurate assumption? > > That would require SMCluster, which isn't out yet.. (we have the same > config, and need it too) > How long until it's out (ball park). We can probably eval the stand-alone version without any problem, but when we go to deployment, we'll most definitely need the clustering support. Oh, one other thing: what other parts of the mail system are you going to support? For example, if we have problems with the domain stuff in sendmail, are you going to support that, or just the domain parts of SMGateway/SMCluster? If we had questions and stuff about SSL and SMTP-Auth, and doing the same exact user authentication as we're doing for the web configuration stuff (ex. proxy it off to the IMAP server), would you have help/information/etc. around that? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Wed Mar 2 22:15:42 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Say I wanted to block anything from spam.au or even spam.spam.au, or even spam-spam.spam.au can I do a From: *@*.au in my blacklist rules file?? Thank you.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 22:35:47 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > So, what exactly is milter-ahead? Is this just a few checks that are > done as part of a milter, or is this doing the full mailscanner > implementation in a milter? http://www.milter.info/milter-ahead/index.shtml > (and, what we do now is distribute an aliases file to each of our > sendmail boxes, and those are how we get valid vs not-valid address > support for our scanning boxes; the file is automated generated every > few hours, and the sendmail boxes also periodically/automatically > import it; part of this is a legacy issue and part of it is because our > older mailing list system uses the aliases file for lists) You wouldn't need to do that anymore. > Do domains have default forwards? It might be interesting to say that > the default forward for a given domain is to send it to mailhub A, and > the default domain to send it to for a second domain is mailhub B, but > not allow users to over-ride that, and yet still have this recipient > checking going on to insure that the end address is valid. I think the only way to do it is to define a per-domain mailhost. But, if you are doing it via an automated API method, it shouldn't matter. My understanding is that the config data is stored in MySQL, and then a process takes that data and pushes into the LDAP database. > Hm. So, does that mean that if you move toward supporting Solaris you > would: > > a) require the customer to have RPM on Solaris? (we used to do all of a > bunch of internal solaris packaging with rpm's at Cygnus) > > b) support Solaris pkg's? > > c) come up with a tar based distribution? > > (I think any of those is fine, just curious what direction you might go) Would be a question for Stephen. I think the idea behind the RPM thing was ease of upgrades/maintainability. My vote would be for a tar based distro.. > How long until it's out (ball park). We can probably eval the > stand-alone version without any problem, but when we go to deployment, > we'll most definitely need the clustering support. I think they are shooting for sometime late this year, not sure though.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 22:40:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On Mar 2, 2005, at 13:06, Mike Bacher wrote: > >> John Rudd wrote: >> >>> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: >>> >>>> We are pleased to announce SMGateway, the first Secure Mail Gateway >>>> product from Fortress Systems Ltd. >>> >>> >>> >>> - Active Directory Authentication? What about Kerberos? (POP/IMAP is >>> good enough for us (since those check against our Kerberos pass >>> phrases), but I'm curious if you're doing AD via LDAP, or AD via >>> Kerberos, or some other aspect of AD authentication I'm not aware of >>> ... and if you're doing it via AD's LDAP functionality, I wonder why >>> you didn't also list LDAP authentication in the blurb) >> >> >> Recipient checking is available via LDAP and milter-ahead (basically, >> it opens a >> persistent SMTP channel to the mailhub and does RCPT TO's, with some >> intelligent caching) > > > So, what exactly is milter-ahead? See http://www.milter.info/milter-ahead/index.shtml > Hm. So, does that mean that if you move toward supporting Solaris you > would: > > a) require the customer to have RPM on Solaris? (we used to do all of a > bunch of internal solaris packaging with rpm's at Cygnus) > > b) support Solaris pkg's? > > c) come up with a tar based distribution? Probably (c), else (b). >>> now. Does SMGateway support this (Ie. users only have to set their >>> options on one machine, instead of having to touch all 4 of them?). >>> My >>> impression is that because you're using MailWatch, which I thought >>> uses >>> mysql for various things, then it might be possible to put the mysql >>> database on a separate machine, and thus have multiple work-horse >>> machines that all use 1 configuration database. Is that an >>> appropriate/accurate assumption? >> >> >> That would require SMCluster, which isn't out yet.. (we have the same >> config, and need it too) >> > - Also, we use an array of machines to do our mailscanner work right > > How long until it's out (ball park). We can probably eval the > stand-alone version without any problem, but when we go to deployment, > we'll most definitely need the clustering support. Later this year. > Oh, one other thing: what other parts of the mail system are you going > to support? For example, if we have problems with the domain stuff in > sendmail, are you going to support that, or just the domain parts of > SMGateway/SMCluster? If we had questions and stuff about SSL and > SMTP-Auth, and doing the same exact user authentication as we're doing > for the web configuration stuff (ex. proxy it off to the IMAP server), > would you have help/information/etc. around that? We haven't done this yet. You will need to discuss that with us off-list to see what can be done for you here. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 22:41:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Correct syntax is From: *@*.au yes Christopher J Ford wrote: > Say I wanted to block anything from spam.au or even spam.spam.au, or > even spam-spam.spam.au > > can I do a From: *@*.au in my blacklist rules file?? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Mar 2 22:43:06 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | John Rudd wrote: | |> Oh, one other thing: what other parts of the mail system are you going |> to support? For example, if we have problems with the domain stuff in |> sendmail, are you going to support that, or just the domain parts of |> SMGateway/SMCluster? If we had questions and stuff about SSL and |> SMTP-Auth, and doing the same exact user authentication as we're doing |> for the web configuration stuff (ex. proxy it off to the IMAP server), |> would you have help/information/etc. around that? | | | We haven't done this yet. You will need to discuss that with us off-list | to see what can be done for you here. | I have done this various times using Sendmail. Fell free to contact me off list. There are numerous ways to do this with open source tools. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCJkF6PMoaMn4kKR4RA4ZOAJ4hWxu6R6bzElO8nFWYhpBhI8AUNQCdFOPF +fAGmmuU+xKk3ekk/b4GgS8= =Sdym -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 22:44:49 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 5:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 13:06, Mike Bacher wrote: > > > John Rudd wrote: > >> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > >> > >>> We are pleased to announce SMGateway, the first Secure Mail Gateway > >>> product from Fortress Systems Ltd. > >> > >> > >> - Active Directory Authentication? What about Kerberos? (POP/IMAP is > >> good enough for us (since those check against our Kerberos pass > >> phrases), but I'm curious if you're doing AD via LDAP, or AD via > >> Kerberos, or some other aspect of AD authentication I'm not aware of > >> ... and if you're doing it via AD's LDAP functionality, I wonder why > >> you didn't also list LDAP authentication in the blurb) > > > > Recipient checking is available via LDAP and milter-ahead (basically, > > it opens a > > persistent SMTP channel to the mailhub and does RCPT TO's, with some > > intelligent caching) > > So, what exactly is milter-ahead? Is this just a few checks that are > done as part of a milter, or is this doing the full mailscanner > implementation in a milter? > It's milter-ahead http://www.milter.info/milter-ahead/index.shtml not a milter implementation of MailScanner (hmmmm, now that would be a MILTER). Milter-ahead just checks to see if the mail would be accepted if presented for delivery at the mailhub before it is accepted at the gateway. It's very simple to configure and works very well even on sites with high volumes for the hardware. It's not as efficient as locally accessible db or ldap file to validate users but it's a lot better than using nothing and y sites. We have seen very substantial load decreases on gateways and mailhub where nothing is used to validate users on the mailhub and then milter is installed. The reason is simple. Blocking the junk email at the front door stops MailScanner and all of the related applications for doing a lot of useless work and these messages never hit the mailhub. A couple of caveats: 1. Milter-ahead works only with sendmail. There are other techniques which perform similar checks for Exim and Postfix. 2. Milter-ahead will not work with Exchange 5.5 or Exchange 2000 mailhubs. These servers cannot be configured not to blindly accept email for any address at acceptable domains :( and then bounce it back to the non-existent spammer ). > (and, what we do now is distribute an aliases file to each of our > sendmail boxes, and those are how we get valid vs not-valid address > support for our scanning boxes; the file is automated generated every > few hours, and the sendmail boxes also periodically/automatically > import it; part of this is a legacy issue and part of it is because our > older mailing list system uses the aliases file for lists) > Milter-ahead will accept email as soon as the user account is added to the hub. > Do domains have default forwards? It might be interesting to say that > the default forward for a given domain is to send it to mailhub A, and > the default domain to send it to for a second domain is mailhub B, but > not allow users to over-ride that, and yet still have this recipient > checking going on to insure that the end address is valid. > It looks at the mailertable, if the entry is in the form: domain.com esmtp:[mailhub.domain.com] (Note the [ ]'s) milter-ahead will be called. If the entry is in the form domain.com esmtp:mailhub.domain.com milter-ahead ahead will not be called. > (our existing mechanisms are that our athena based account management > system manages the aliases file, both for mailing lists and user > forwards; that information also gets extracted and incorporated into > communigate pro's "redirect" option; users can manage either of them, > but we're planning to retire the athena stuff, so the authoritative > location will be the end mail hub, not the scanning hosts, so what we > want the scanning hosts to do is just send it all to the mailhub. But, > it has to be the right mailhub for that domain, and it has to be > rejecting invalid addresses at the front door. Our existing plan had > been to just munge the aliases file, but if SMGateway has domain > defaults for that kind of thing, then that allows us to eliminate that > piece) > > I think you should definitely look at milter-ahead as one of the possibilities. At least until SMCluster is available :) Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Wed Mar 2 22:52:20 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Yes. Correct syntax is > From: *@*.au yes > > Christopher J Ford wrote: > >> Say I wanted to block anything from spam.au or even spam.spam.au, or >> even spam-spam.spam.au >> >> can I do a From: *@*.au in my blacklist rules file?? > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > Ah.. thank you.. and thank for MailScanner :) Id still be deleting my 900+ peices of spam crap aday and deleteing importion ones too cuz i woul;d get tired of looking! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 23:07:55 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Wednesday, March 02, 2005 9:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > I always try to at least reply, but good ideas do get lost sometimes. > The unrar code would require another timeout wrapper round it, which I > would have to copy from elsewhere, so it isn't trivial. > I can't remember if I came up with a solution to the duplicated > filenames problem or not, it was quite a long time ago. > How about this for a timeout wrapper. It should work as a general purpose wrapper for commands that use system or backticks. I put it together from code you use eleswhere. So a line like: $unrar =`which unrar`; return 0 unless $unrar !~ /no unrar in)/i && $unrar ne ""; would be $unrar = SafePipe("which unrar",30,"ST"); return 0 unless $unrar !~ /(no unrar in|^COMMAND_TIMED_OUT$)/i && $unrar ne ""; and system("$unrar e -p- -idp $safename 2>&1"); unless ("$?" == 0 && !$IsEncrypted) { would be unless (RcSafePipe("$unrar e -p- -idp $safename 2>&1",30,"EC") == 0 && !$IsEncrypted) { It appears to work fine, and handles the time out fine as well. Rick sub SafePipe{ # Modified Julian's code from SweepOther.pm # Changed to allow execution of a given command line with a time # control # # $Cmd = command line to execute # $timeout = max time in seconds to allow execution # $ReturnType = ST For String or Anything else for error code # # Replaces backtick or system calls that are looking for both # string output or an error code my ($Cmd, $TimeOut,$ReturnType) = @_; my($Kid, $pid, $TimedOut, $PipeReturn, $Str); $Kid = new FileHandle; $TimedOut = 0; eval { die "Can't fork: $!" unless defined($pid = open($Kid, '-|')); if ($pid) { # In the parent local $SIG{ALRM} = sub { $TimedOut = 1; die "Command Timed Out" }; alarm $TimeOut; # Only process the output if we are scanning, not disinfecting while(<$Kid>) { $Str .= $_; #print STDERR "Processing line \"$_\"\n"; } close $Kid; $PipeReturn = $?; $pid = 0; # 2.54 alarm 0; # Workaround for bug in perl shipped with Solaris 9, # it doesn't unblock the SIGALRM after handling it. eval { my $unblockset = POSIX::SigSet->new(SIGALRM); sigprocmask(SIG_UNBLOCK, $unblockset) or die "Could not unblock alarm: $!\n"; }; } else { # In the child POSIX::setsid(); # for testing time out # sleep 40; exec $Cmd; MailScanner::Log::WarnLog("Can't run $Cmd command! "); exit 1; } }; alarm 0; # 2.53 # Note to self: I only close the KID in the parent, not in the child. MailScanner::Log::DebugLog("Completed $Cmd"); # Catch failures other than the alarm MailScanner::Log::DieLog("$Cmd failed with real error: $@") if $@ and $@ !~ /Command Timed Out/; #print STDERR "pid = $pid and \@ = $@\n"; # In which case any failures must be the alarm if ($@ or $pid>0) { # Kill the running child process my($i); kill -15, $pid; # Wait for up to 5 seconds for it to die for ($i=0; $i<5; $i++) { sleep 1; waitpid($pid, &POSIX::WNOHANG); ($pid=0),last unless kill(0, $pid); kill -15, $pid; } # And if it didn't respond to 11 nice kills, we kill -9 it if ($pid) { kill -9, $pid; waitpid $pid, 0; # 2.53 } } # Return failure if the command timed out, otherwise return success if ($TimedOut){ MailScanner::Log::WarnLog("$Cmd timed out!"); return "COMMAND_TIMED_OUT"; } if($ReturnType eq "ST"){ return $Str; }else{ return $PipeReturn; } } -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Mar 2 23:13:35 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. > > SMGateway is based on MailScanner, the world's most widely used e-mail ... Is this what was hinted to in the middle of last month? -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Thu Mar 3 00:07:34 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:28:48 2006 Subject: MISSING_SUBJECT Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not all, but many e-mails which has normal subject has MISSING SUBJECT score, as above: MailScanner-SpamCheck: not spam, SpamAssassin (score=3.37, required 5.7, DNS_FROM_RFC_ABUSE 0.37, DNS_FROM_RFC_POST 1.38, FORGED_RCVD_HELO 0.05, MISSING_SUBJECT 1.57) Why? Thks in advance, Mauricio. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 00:21:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:48 2006 Subject: MISSING_SUBJECT Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mauricio Cavalcanti wrote: > Not all, but many e-mails which has normal subject has MISSING SUBJECT > score, as above: > > MailScanner-SpamCheck: not spam, SpamAssassin (score=3.37, required 5.7, > DNS_FROM_RFC_ABUSE 0.37, DNS_FROM_RFC_POST 1.38, FORGED_RCVD_HELO 0.05, > MISSING_SUBJECT 1.57) > > Why? > > Thks in advance, > Mauricio. > Check headers for multiple subject lines, one of which is empty. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:03:20 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: There's sort of three questions here: 1) I seem to recall a tool on a web page that you could tell it your domain and it would tell you what RFC's and bad practices you were violating (things like "you don't have a postmaster address at your mail server" and "you don't have an MX server for your domain", etc.). Anyone know which one I'm talking about? 2) anyone know of an RBL that is build around that concept? For example, we've got a problem lately with some senders coming from domains that are either violating an RFC (no postmaster) or something that HAS to be a best practice violation. Ex: sbcglobel.net (which is not sbcglobal.net, a valid ISP) where the domain has an MX record ... to a host that evaluates as localhost. So, bounces and vacation replies and such just clutter up our queue for a long while. It would be nice if there was an RBL that had multiple lists/return codes that covered different types of problems like this, or places whose contact with abuse.net bounces, or they don't have a postmaster address, etc. 3) anyone know of an existing milter that covers that example (if sender domain has an MX record that gets you to 127.x.y.z, then reject the message)? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Thu Mar 3 01:31:01 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:48 2006 Subject: blocking RFC/best practices violators Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you looking for this one? http://www.dnsreport.com/ Cheers Raylund ----- Original Message ----- From: "John Rudd" To: Sent: Wednesday, March 02, 2005 8:03 PM Subject: OT: blocking RFC/best practices violators > There's sort of three questions here: > > 1) I seem to recall a tool on a web page that you could tell it your > domain and it would tell you what RFC's and bad practices you were > violating (things like "you don't have a postmaster address at your > mail server" and "you don't have an MX server for your domain", etc.). > Anyone know which one I'm talking about? > > 2) anyone know of an RBL that is build around that concept? For > example, we've got a problem lately with some senders coming from > domains that are either violating an RFC (no postmaster) or something > that HAS to be a best practice violation. Ex: sbcglobel.net (which is > not sbcglobal.net, a valid ISP) where the domain has an MX record ... > to a host that evaluates as localhost. So, bounces and vacation > replies and such just clutter up our queue for a long while. It would > be nice if there was an RBL that had multiple lists/return codes that > covered different types of problems like this, or places whose contact > with abuse.net bounces, or they don't have a postmaster address, etc. > > 3) anyone know of an existing milter that covers that example (if > sender domain has an MX record that gets you to 127.x.y.z, then reject > the message)? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 01:32:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: At 08:03 PM 3/2/2005, John Rudd wrote: >2) anyone know of an RBL that is build around that concept? For >example, we've got a problem lately with some senders coming from >domains that are either violating an RFC (no postmaster) or something >that HAS to be a best practice violation. rfc-ignorant.org is a RBL that does this.. they have multiple lists including no postmaster, no abuse, refusal of DSN, invalid Whois data, and bogux MX. Unfortunately most of the lists rather high in the FP rate.. there's a lot of major ISP's out there that are quite RFC ignorant. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Thu Mar 3 01:38:29 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: On Wed, 2 Mar 2005, Matt Kettler wrote: > Unfortunately most of the lists rather high in the FP rate.. there's a lot > of major ISP's out there that are quite RFC ignorant. there are even more which arent ignorant, they deliberately choose not to have a working postmaster@ etc. and unlike abuse@, postmaster@ is not optional, no way no how, no matter how you stretch or twist or bend the RFCs. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:54:43 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: blocking RFC/best practices violators Message-ID: That's the one! Thanks On Mar 2, 2005, at 17:31, Raylund Lai wrote: > Are you looking for this one? > http://www.dnsreport.com/ > > Cheers > Raylund > ----- Original Message ----- > From: "John Rudd" > To: > Sent: Wednesday, March 02, 2005 8:03 PM > Subject: OT: blocking RFC/best practices violators > > >> There's sort of three questions here: >> >> 1) I seem to recall a tool on a web page that you could tell it your >> domain and it would tell you what RFC's and bad practices you were >> violating (things like "you don't have a postmaster address at your >> mail server" and "you don't have an MX server for your domain", etc.). >> Anyone know which one I'm talking about? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu Mar 3 01:57:29 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > 1) I seem to recall a tool on a web page that you could tell it your > domain and it would tell you what RFC's and bad practices you were > violating (things like "you don't have a postmaster address at your > mail server" and "you don't have an MX server for your domain", etc.). > Anyone know which one I'm talking about? Some of these are checked at http://www.dnsreport.com > 2) anyone know of an RBL that is build around that concept? For > example, we've got a problem lately with some senders coming from > domains that are either violating an RFC (no postmaster) or something > that HAS to be a best practice violation. Ex: sbcglobel.net (which is > not sbcglobal.net, a valid ISP) where the domain has an MX record ... > to a host that evaluates as localhost. So, bounces and vacation > replies and such just clutter up our queue for a long while. It would > be nice if there was an RBL that had multiple lists/return codes that > covered different types of problems like this, or places whose contact > with abuse.net bounces, or they don't have a postmaster address, etc. http://rfc-ignorant.org > 3) anyone know of an existing milter that covers that example (if > sender domain has an MX record that gets you to 127.x.y.z, then reject > the message)? milter-sender will does quite nicely - http://www.milter.info/milter-sender/index.shtml Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:58:19 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: On Mar 2, 2005, at 17:38, Dan Hollis wrote: > On Wed, 2 Mar 2005, Matt Kettler wrote: >> Unfortunately most of the lists rather high in the FP rate.. there's >> a lot >> of major ISP's out there that are quite RFC ignorant. That's disappointing, but understandable (not understandable that they're doing it, understandable that it makes the lists probably not very useful to me at work). > there are even more which arent ignorant, they deliberately choose not > to > have a working postmaster@ etc. and unlike abuse@, postmaster@ is not > optional, no way no how, no matter how you stretch or twist or bend the > RFCs. Yeah, some of the bounces I'm getting back from sending to $relay@abuse.net for our "you sent us viruses yesterday" report come back as bounces that were sent to postmaster@their-domain but they don't have a postmaster account. Makes me think I ought to just not accept their email at all. Thanks to both of you for your responses. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 02:19:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: At 08:38 PM 3/2/2005, Dan Hollis wrote: >On Wed, 2 Mar 2005, Matt Kettler wrote: > > Unfortunately most of the lists rather high in the FP rate.. there's a lot > > of major ISP's out there that are quite RFC ignorant. > >there are even more which arent ignorant, they deliberately choose not to >have a working postmaster@ etc. and unlike abuse@, postmaster@ is not >optional, no way no how, no matter how you stretch or twist or bend the >RFCs. I'd still categorize willful disregard for the rules as being "ignorant".. Ignorance can come from a lack of awareness off fact, i.e.: ignorance of the fact the RFC exists. However, ignorance can also be a general lack of education, as in the definition "an unlearned group incapable of understanding complex issues". I'd suggest your deliberate choosers fall into the second definition of ignorant. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 08:52:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Wednesday, March 02, 2005 9:18 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Beta release 4.39.4 >> >> >>I always try to at least reply, but good ideas do get lost sometimes. >>The unrar code would require another timeout wrapper round it, which I >>would have to copy from elsewhere, so it isn't trivial. >>I can't remember if I came up with a solution to the duplicated >>filenames problem or not, it was quite a long time ago. >> > > > > How about this for a timeout wrapper. It should work as a general purpose > wrapper for commands that use system or backticks. I put it together from > code you use eleswhere. So a line like: > > $unrar =`which unrar`; > return 0 unless $unrar !~ /no unrar in)/i && $unrar ne ""; > > would be $unrar = SafePipe("which unrar",30,"ST"); > return 0 unless $unrar !~ /(no unrar in|^COMMAND_TIMED_OUT$)/i && > $unrar ne ""; > and > system("$unrar e -p- -idp $safename 2>&1"); > unless ("$?" == 0 && !$IsEncrypted) { > > would be > > unless (RcSafePipe("$unrar e -p- -idp $safename 2>&1",30,"EC") == 0 && > !$IsEncrypted) { > > It appears to work fine, and handles the time out fine as well. > > Rick > > sub SafePipe{ > # Modified Julian's code from SweepOther.pm > # Changed to allow execution of a given command line with a time > # control > # > # $Cmd = command line to execute > # $timeout = max time in seconds to allow execution > # $ReturnType = ST For String or Anything else for error code > # > # Replaces backtick or system calls that are looking for both > # string output or an error code > > my ($Cmd, $TimeOut,$ReturnType) = @_; > my($Kid, $pid, $TimedOut, $PipeReturn, $Str); > $Kid = new FileHandle; > $TimedOut = 0; > > eval { > die "Can't fork: $!" unless defined($pid = open($Kid, '-|')); > if ($pid) { > # In the parent > local $SIG{ALRM} = sub { $TimedOut = 1; die "Command Timed Out" }; > alarm $TimeOut; > # Only process the output if we are scanning, not disinfecting > while(<$Kid>) { > $Str .= $_; > #print STDERR "Processing line \"$_\"\n"; > } > close $Kid; > $PipeReturn = $?; > $pid = 0; # 2.54 > alarm 0; > # Workaround for bug in perl shipped with Solaris 9, > # it doesn't unblock the SIGALRM after handling it. > eval { > my $unblockset = POSIX::SigSet->new(SIGALRM); > sigprocmask(SIG_UNBLOCK, $unblockset) > or die "Could not unblock alarm: $!\n"; > }; > } else { > # In the child > POSIX::setsid(); > # for testing time out > # sleep 40; exec $Cmd; > MailScanner::Log::WarnLog("Can't run $Cmd command! "); > exit 1; > } > }; > alarm 0; # 2.53 > > # Note to self: I only close the KID in the parent, not in the child. > MailScanner::Log::DebugLog("Completed $Cmd"); > > # Catch failures other than the alarm > MailScanner::Log::DieLog("$Cmd failed with real error: $@") > if $@ and $@ !~ /Command Timed Out/; > > #print STDERR "pid = $pid and \@ = $@\n"; > > # In which case any failures must be the alarm > if ($@ or $pid>0) { > # Kill the running child process > my($i); > kill -15, $pid; > # Wait for up to 5 seconds for it to die > for ($i=0; $i<5; $i++) { > sleep 1; > waitpid($pid, &POSIX::WNOHANG); > ($pid=0),last unless kill(0, $pid); > kill -15, $pid; > } > # And if it didn't respond to 11 nice kills, we kill -9 it > if ($pid) { > kill -9, $pid; > waitpid $pid, 0; # 2.53 > } > } > > # Return failure if the command timed out, otherwise return success > > if ($TimedOut){ > MailScanner::Log::WarnLog("$Cmd timed out!"); > return "COMMAND_TIMED_OUT"; > } > if($ReturnType eq "ST"){ > return $Str; > }else{ > return $PipeReturn; > } > } > That looks great thanks. Now how do I tell which files were the result of the unrar expansion? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 08:52:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Julian Field wrote: > >>We are pleased to announce SMGateway, the first Secure Mail Gateway >>product from Fortress Systems Ltd. >> >>SMGateway is based on MailScanner, the world's most widely used e-mail ... > > > Is this what was hinted to in the middle of last month? Yes. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 3 09:13:15 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: I _never_ want mail originating on campus to be tagged as spam. Thus we have always whitelisted mail originating at this site by listing our campus network IP ranges in ~/rules/spam.whitelist.rules. We see many messages originating on campus that have more than 20 (usually local) recipients. When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" option some time ago, I bumped the number up to 1000 to avoid this overiding "spam.whitelist.rules". We thus lose the protection the "Ignore Spam Whitelist If ..." option provided. What I really want is the ability to absolutely whitelist a subset of address or IP ranges while allowing other options to conditionally ignore the whitelisting of addresses outside that subset. How can I do this? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 3 09:21:10 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >I _never_ want mail originating on campus to be tagged as spam. > >Thus we have always whitelisted mail originating at this site by listing >our campus network IP ranges in ~/rules/spam.whitelist.rules. > >We see many messages originating on campus that have more than 20 >(usually local) recipients. > >When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" >option some time ago, I bumped the number up to 1000 to avoid this >overiding "spam.whitelist.rules". We thus lose the protection the >"Ignore Spam Whitelist If ..." option provided. > >What I really want is the ability to absolutely whitelist a subset of >address or IP ranges while allowing other options to conditionally >ignore the whitelisting of addresses outside that subset. > >How can I do this? > > Can you not just make a rule set based on 'spam check =' so you don't spam scan any of your internal IP range but scan all external mail? This would have the same effect as white listing. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 09:22:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. Surely you can do this with a ruleset on the "Ignore Spam Whitelist If ..." option, or else move your spam whitelist ruleset to the "Spam Checks" option. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 09:26:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: Quentin another option would be separate inbound and outbound servers. That way the outbound servers would only virus and do other checks, but not call SA at all. I guess it depends how many servers you have right now and what checks you do on outbound email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. > > How can I do this? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 09:16:20 2005 From: sargastic at YAHOO.FR (Violaine G.) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Hello you all, We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin were already up and running, we were only looking for some nice and clever glue to link everithing without getting stuck inside the bottle), and I must say it is impressive. I have one question, though. How is it possible to use virus scanners that are running on some OTHER system than the Postfix+MailScanner box ? In one environment, we would like to use MailScanner but the target site has already bought a virus scanner (poor fellow !), running on a dedicated computer, so we would like to "link" MailScanner to this external, on another box, virus scanner. Any documentation about how to do that ? Tia, VG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu Mar 3 09:28:35 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. > > How can I do this? How about a ruleset on Ignore Spam Whitelist If Recipients Exceed ? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Thu Mar 3 09:29:42 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you do want "no" spam check for internal outbound emails, may be using a rules file for "Spam Checks =". e.g. Spam Checks = %rules-dir%/spam.checks.rules spam.checks.rules: From: 10.0. no FromOrTo: default yes Cheers Raylund ----- Original Message ----- From: "Quentin Campbell" To: Sent: Thursday, March 03, 2005 4:13 AM Subject: A question re "Ignore Spam Whitelist If ..." I _never_ want mail originating on campus to be tagged as spam. Thus we have always whitelisted mail originating at this site by listing our campus network IP ranges in ~/rules/spam.whitelist.rules. We see many messages originating on campus that have more than 20 (usually local) recipients. When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" option some time ago, I bumped the number up to 1000 to avoid this overiding "spam.whitelist.rules". We thus lose the protection the "Ignore Spam Whitelist If ..." option provided. What I really want is the ability to absolutely whitelist a subset of address or IP ranges while allowing other options to conditionally ignore the whitelisting of addresses outside that subset. How can I do this? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 09:32:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Hi first of all I guess there's the need for the two comouters to talk somehow. Does the customers virus scanner have some sort of network client/server architecture so you can install the client on the MS computer and use it that way, or do you have to build this first? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Violaine G. wrote: > Hello you all, > > We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin > were already up and running, we were only looking for some nice and clever > glue to link everithing without getting stuck inside the bottle), and I must > say it is impressive. > > I have one question, though. How is it possible to use virus scanners that > are running on some OTHER system than the Postfix+MailScanner box ? In one > environment, we would like to use MailScanner but the target site has > already bought a virus scanner (poor fellow !), running on a dedicated > computer, so we would like to "link" MailScanner to this external, on > another box, virus scanner. > > Any documentation about how to do that ? > > Tia, > > VG. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 09:39:47 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Martin Hepworth a écrit : > first of all I guess there's the need for the two > comouters to talk somehow. Does the customers virus > scanner have some sort of network client/server > architecture so you can install the client on the MS > computer and use it that way, or do you have to > build this first? Hmmm... Good question. They are using Aladdin e-Safe, which currently receives the mails to scan through SMTP, just like it were a 'real' mail server. I do not know anything more (yet) but I'm going to look around. If there is a e-Safe client that can run on the MailScanner box, I bet this would be the way to go. But is is still possible to plug a 'smtp client' in MailScanner, if there is no specific client ? Tia, VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 09:42:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There is a "generic" virus scanner, with which you could implement some sort of client/server architecture to talk to this other scanner. Violaine G. wrote: > Hello you all, > > We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin > were already up and running, we were only looking for some nice and clever > glue to link everithing without getting stuck inside the bottle), and I must > say it is impressive. > > I have one question, though. How is it possible to use virus scanners that > are running on some OTHER system than the Postfix+MailScanner box ? In one > environment, we would like to use MailScanner but the target site has > already bought a virus scanner (poor fellow !), running on a dedicated > computer, so we would like to "link" MailScanner to this external, on > another box, virus scanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:08:07 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would like to try and get it to handle Bitdefender. only need to modify ONE (or maybe 2) line of code from what i can see. The output and string values for Bitdefender. ANy idea whgat they might be? # Scanner Strings my %Scanners = ( bitdefender => { Output => '/(.+) Found virus (.*)', String => '/(.+) Found virus (.*)\'}, sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', James Gray wrote: > On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > >>IN the past i remember some one haviong a cool script/command that would >>show you stats on infections? >> >>I ahve a mailscanner machine on a PC that is suffering badly with heaps >>of viruses and i would love to know how to find out how many or what >>type of infections etc? > > > Are you thinking of the "vnames.pl" script which produces a bullet-list of > viruses caught and a tally for each infection? > > http://web.csma.biz/apps/vnames.shtml > > HTH, > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:13:06 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Maybe the license permit you to install on any machine? a site type license? Julian Field wrote: > There is a "generic" virus scanner, with which you could implement some > sort of client/server architecture to talk to this other scanner. > > Violaine G. wrote: > >> Hello you all, >> >> We are currently playing with MailScanner (Postfix, clamAV and >> SpamAssassin >> were already up and running, we were only looking for some nice and >> clever >> glue to link everithing without getting stuck inside the bottle), and >> I must >> say it is impressive. >> >> I have one question, though. How is it possible to use virus scanners >> that >> are running on some OTHER system than the Postfix+MailScanner box ? In >> one >> environment, we would like to use MailScanner but the target site has >> already bought a virus scanner (poor fellow !), running on a dedicated >> computer, so we would like to "link" MailScanner to this external, on >> another box, virus scanner. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Thu Mar 3 10:13:04 2005 From: darren at TORSION.CO.UK (Darren Walker) Date: Thu Jan 12 21:28:48 2006 Subject: F-prot problem Message-ID: Hi, I have a Raq 3 which developed a problem so I reinstalled it. I don't know what version of F-prot it was running previously. It is running Mailscanner V3 because I had problems with upgrading perl on the raq. I installed V4 Mailscanner and it failed on a number of perl files, I used CPAN to upgrade Perl and then the Raq GUI wouldn't operate. So I had to reinstall the Raq again. F-PROT ANTIVIRUS Program version: 4.4.6 Engine version: 3.14.13 Mar 4 20:23:46 www5 sendmail[17990]: starting daemon (8.9.3): SMTP Mar 4 20:23:46 www5 sendmail[17993]: starting daemon (8.9.3): queueing@00:15:00 Mar 4 20:25:34 www5 sendmail[18138]: UAA18138: from=, size=1575, class=0, pri=31575, nrcpts=1, msgid=<000001c51fd7$5e0a2500$8801a8c0@Lappy>, proto=ESMTP, relay=raq4.torsion.co.uk [99.999.99.99] Mar 4 20:25:35 www5 mailscanner[15024]: Scanning 1 messages, 1978 bytes Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Scanned 1 messages, 1978 bytes in 1 seconds Mar 4 20:25:36 www5 sendmail[18144]: UAA18138: to=, delay=00:00:02, xdelay=00:00:00, mailer=local, stat=Sent ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 10:21:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: F-prot problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Your debug info shows you are still running MailScanner 3 which is no longer supported. Darren Walker wrote: >Hi, > >I have a Raq 3 which developed a problem so I reinstalled it. I don't know >what version of F-prot it was running previously. It is running Mailscanner >V3 because I had problems with upgrading perl on the raq. I installed V4 >Mailscanner and it failed on a number of perl files, I used CPAN to upgrade >Perl and then the Raq GUI wouldn't operate. So I had to reinstall the Raq >again. > > >F-PROT ANTIVIRUS >Program version: 4.4.6 >Engine version: 3.14.13 > >Mar 4 20:23:46 www5 sendmail[17990]: starting daemon (8.9.3): SMTP >Mar 4 20:23:46 www5 sendmail[17993]: starting daemon (8.9.3): >queueing@00:15:00 >Mar 4 20:25:34 www5 sendmail[18138]: UAA18138: from=, >size=1575, class=0, pri=31575, nrcpts=1, >msgid=<000001c51fd7$5e0a2500$8801a8c0@Lappy>, proto=ESMTP, >relay=raq4.torsion.co.uk [99.999.99.99] >Mar 4 20:25:35 www5 mailscanner[15024]: Scanning 1 messages, 1978 bytes >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Search: .". Please mail the author of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Action: Report only". Please mail the author of >MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Files: "Dumb" scan of all files". Please mail the author >of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the >author of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Scanned 1 messages, 1978 bytes in 1 >seconds >Mar 4 20:25:36 www5 sendmail[18144]: UAA18138: >to=, delay=00:00:02, xdelay=00:00:00, >mailer=local, stat=Sent > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Thu Mar 3 10:13:53 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:28:48 2006 Subject: OT - Etrust Reg Exp for MailWatch Message-ID: Hi There, I wonder if anyone has setup the regular expression for the lame CA Etrust (inocmd32) or whatever the hell it's called :) I've tried a few regular expressions in functions.php, it seems I'm just missing it by a bit... Thanks in advance. -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 0860 0 SYNAQ (79627) Direct: 011 290 6388 Fax: 011 290 6389 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From sargastic at YAHOO.FR Thu Mar 3 10:23:48 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Pete Russell a écrit : > Maybe the license permit you to install on any > machine? a site type license? That is unfortunately not an option. The virus scanner computer is "out of limits" from our point of view, must not be changed or bypassed (and it runs on a Windows box). VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:26:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Send all the mail to it, scan it and return it to mailscanner? Violaine Grimly wrote: > --- Pete Russell a écrit : > >>Maybe the license permit you to install on any >>machine? a site type license? > > > That is unfortunately not an option. The virus scanner > computer is "out of limits" from our point of view, > must not be changed or bypassed (and it runs on a > Windows box). > > VG. > > > > > > > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu Mar 3 10:35:11 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Violaine Grimly wrote: >> That is unfortunately not an option. The virus scanner >> computer is "out of limits" from our point of view, >> must not be changed or bypassed (and it runs on a >> Windows box). > Send all the mail to it, scan it and return it to mailscanner? Or just scan it in MailScanner, then send it to their box clean to prove how good MS is! John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 10:54:23 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Oh good a site with a policy they adhere to. (no I'm not being funny I like this). That's probably not a bad idea...let MS prove itself and then they can make business descision rather than a technical one. Should they want to move the scanner off the windows box to the MS box they can do this at a later date. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 John Wilcock wrote: > Pete Russell wrote: > >> Violaine Grimly wrote: >> >>> That is unfortunately not an option. The virus scanner >>> computer is "out of limits" from our point of view, >>> must not be changed or bypassed (and it runs on a >>> Windows box). > > >> Send all the mail to it, scan it and return it to mailscanner? > > > Or just scan it in MailScanner, then send it to their box clean to prove > how good MS is! > > John.
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Thu Mar 3 11:07:42 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can't you use Mailscanner as the primary MX for your domain to accept all incoming mail? Install ClamAV, BitDefender or some other free virus scanner on the MailScanner machine to try to catch as many virusses at the MailScanner gateway. The use the mailertable or smarthost feature of sendmail to forward all cleaned mail from MailScanner to your existing Windows server with the SMTP virus scanner, which scans the mail again and delivers to the users. After a while, evaluate whether you really need the external scanner by checking how many virusses it has caught? Adri. > -----Original Message----- > From: John Wilcock [mailto:john@TRADOC.FR] > Sent: 03 March, 2005 11:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: External virus scanners > > > Pete Russell wrote: > > Violaine Grimly wrote: > >> That is unfortunately not an option. The virus scanner > >> computer is "out of limits" from our point of view, > >> must not be changed or bypassed (and it runs on a > >> Windows box). > > > Send all the mail to it, scan it and return it to mailscanner? > > Or just scan it in MailScanner, then send it to their box > clean to prove > how good MS is! > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 3 11:39:35 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." - SORTED & THANKS! Message-ID: Blimey! What an impressively helpful and immedite response. Thanks for all the suggestions. Raylund Lai, Drew Marshall and Julian, among others, suggested moving my block of local IP addresses for which no spam scanning was to take place from the spam.whitelist.rules file to a new rules file to be used with the "Spam Checks =" option. I have done this. Raylund provided the most detailed answer for which my thanks. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raylund Lai >Sent: 03 March 2005 09:30 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: A question re "Ignore Spam Whitelist If ..." > >If you do want "no" spam check for internal outbound emails, >may be using a >rules file for "Spam Checks =". >e.g. Spam Checks = %rules-dir%/spam.checks.rules > >spam.checks.rules: >From: 10.0. no >FromOrTo: default yes > >Cheers >Raylund > >----- Original Message ----- >From: "Quentin Campbell" >To: >Sent: Thursday, March 03, 2005 4:13 AM >Subject: A question re "Ignore Spam Whitelist If ..." > > >I _never_ want mail originating on campus to be tagged as spam. > >Thus we have always whitelisted mail originating at this site >by listing >our campus network IP ranges in ~/rules/spam.whitelist.rules. > >We see many messages originating on campus that have more than 20 >(usually local) recipients. > >When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" >option some time ago, I bumped the number up to 1000 to avoid this >overiding "spam.whitelist.rules". We thus lose the protection the >"Ignore Spam Whitelist If ..." option provided. > >What I really want is the ability to absolutely whitelist a subset of >address or IP ranges while allowing other options to conditionally >ignore the whitelisting of addresses outside that subset. > >How can I do this? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Mar 3 12:19:47 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, March 03, 2005 3:53 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > [...] > > That looks great thanks. Now how do I tell which files were the result > of the unrar expansion? > I will try and get the time to put the patch together with the latest release today or tomorrow. I could post the sub here but there are a couple of new vars ahead of the call, plus there is a check in the clamavmodule call that modifies the check for encrypted since it would have been handled in the unpackrar sub. I have to separate the unrar stuff from my other patches and, of course test it before posting it. Thanks Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Mar 3 12:15:19 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote on 2-3-2005 22:46: > Fantastic sutff, thanks so much for the detailed reply - its pretty > darned exciting. > > And the servioce you guys provide - I am sure you will be a letter from > the queen any day for the Order of Anit Virus and Anti Spam Empire ? Those things usually don't happen to the good people, do they? People like BG get knighted I read. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 14:34:00 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: I think my bayes is messed up. I have several dozen e-mails that I think are spam. The rule for bayes_00 is letting it through. Here is the score: X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_SPAM 1.84) X-SBSD-MailScanner-SpamScore: 3 Any idea? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 14:41:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: David restore from an earlier version...?? You backup the thing, yes??? Anyway reminds us what extra rules you run like the SARE ones etc.. They may help. What version of SA and do you run the URI-RBL stuff? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I think my bayes is messed up. I have several dozen e-mails that I think > are spam. The rule for bayes_00 is letting it through. > Here is the score: > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > RCVD_IN_NJABL_SPAM 1.84) > X-SBSD-MailScanner-SpamScore: 3 > > Any idea? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Thu Mar 3 14:45:52 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] dont realy know what u want to know now. reduce the scores via spam.assassin.prefs.conf if thats the question: score BAYES_00 -1.800 greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis >Sent: Thursday, March 03, 2005 3:34 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: bayes 00 > > >I think my bayes is messed up. I have several dozen e-mails >that I think are spam. The rule for bayes_00 is letting it >through. Here is the score: >X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin >(score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, >DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 >0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, >RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, >RCVD_IN_NJABL_SPAM 1.84) >X-SBSD-MailScanner-SpamScore: 3 > >Any idea? > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Thu Mar 3 14:57:52 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:28:48 2006 Subject: Sophos and Mailscanner Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All, Does anyone know which sophos product works with Mailscanner and fedora?? r, Steve -- Steve Hickel -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 15:01:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Sophos and Mailscanner Message-ID: Standard SAVI licence will work fine.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steve Hickel wrote: > All, > > Does anyone know which sophos product works with Mailscanner and fedora?? > > r, > > Steve > -- > Steve Hickel > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:04:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the MailScanner install doc. >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> David restore from an earlier version...?? You backup the thing, yes??? Anyway reminds us what extra rules you run like the SARE ones etc.. They may help. What version of SA and do you run the URI-RBL stuff? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I think my bayes is messed up. I have several dozen e-mails that I think > are spam. The rule for bayes_00 is letting it through. > Here is the score: > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > RCVD_IN_NJABL_SPAM 1.84) > X-SBSD-MailScanner-SpamScore: 3 > > Any idea? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:06:47 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know I can tweak the score...I just don't understand why bayes would score something like this so low. Is there something wrong with my bayes data base? Should it be scored so low when everything else scores it so differently? >>> Andreas.Doerfler@KEMPTEN.DE 03/03 9:45 AM >>> dont realy know what u want to know now. reduce the scores via spam.assassin.prefs.conf if thats the question: score BAYES_00 -1.800 greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis >Sent: Thursday, March 03, 2005 3:34 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: bayes 00 > > >I think my bayes is messed up. I have several dozen e-mails >that I think are spam. The rule for bayes_00 is letting it >through. Here is the score: >X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin >(score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, >DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 >0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, >RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, >RCVD_IN_NJABL_SPAM 1.84) >X-SBSD-MailScanner-SpamScore: 3 > >Any idea? > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 15:14:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: David you have to teach bayes when it's wrong. (see info in sa-learn) also having alot of the rules from www.rulesemporium.com/rules.htm can help alot too. Drip feed them in and see which ones help the most. DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, again these help alot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > MailScanner install doc. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > David > > restore from an earlier version...?? You backup the thing, yes??? > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > may help. What version of SA and do you run the URI-RBL stuff? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > I think my bayes is messed up. I have several dozen e-mails that I think > > are spam. The rule for bayes_00 is letting it through. > > Here is the score: > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > RCVD_IN_NJABL_SPAM 1.84) > > X-SBSD-MailScanner-SpamScore: 3 > > > > Any idea? > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:23:45 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I am not sure how to sa-learn in this case. We are setup as a gateway for an GroupWise server. >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> David you have to teach bayes when it's wrong. (see info in sa-learn) also having alot of the rules from www.rulesemporium.com/rules.htm can help alot too. Drip feed them in and see which ones help the most. DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, again these help alot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > MailScanner install doc. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > David > > restore from an earlier version...?? You backup the thing, yes??? > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > may help. What version of SA and do you run the URI-RBL stuff? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > I think my bayes is messed up. I have several dozen e-mails that I think > > are spam. The rule for bayes_00 is letting it through. > > Here is the score: > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > RCVD_IN_NJABL_SPAM 1.84) > > X-SBSD-MailScanner-SpamScore: 3 > > > > Any idea? > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:04:35 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quick query (which really boils down to my reading of the syntax of a specific comment in Mailscanner.conf): I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a Debian-Sarge server, with Exim 4.44 (all from Debian's testing packages). Both exim and mailscanner run as the user 'Debian-exim'. I have: SpamAssassin User State Dir = /var/lib/MailScanner in Mailscanner.conf This file tells me that: # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. Leaving aside the fact that I dunno what "mutable" means in this context, what does '~' mean. OK, it's a home directory, but is it the home of the mail recipient or of the 'user' that MailScanner's running as? Asking that another way (humour me for completeness!), which bayes files is SA looking at in my case? And: Is there any way I can get MS to tell me where it's looking, or how much Bayes data (if any) it's finding to work on? I get the odd feeling I'm sending the training data to the wrong place at the moment... Ok, so not such a 'quick query' as I thought, but at least I worked out the earlier '70 errors in spamassassin --lint -D' issue before annoying the list with it ;) (Answer: SA was finding a set of rules from a 2.64 install and getting very upset). The return on these questions should hopefully be of use - I'm about halfway through writing a "Guide to installing Mailscanner on Debian-Sarge" which will *thoroughly* cover my recent experiences of installing this combination. It should be online later today. Richard George, MEng (Electronics D.Trip), University of Southampton :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 16:21:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: Richard in spam.assassin.prefs.conf you can force the bayes directory. I use that then I know where the heck things are. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Wechsler wrote: > Quick query (which really boils down to my reading of the syntax of a > specific comment in Mailscanner.conf): > > I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a Debian-Sarge > server, with Exim 4.44 (all from Debian's testing packages). > > Both exim and mailscanner run as the user 'Debian-exim'. > > I have: > SpamAssassin User State Dir = /var/lib/MailScanner > > in Mailscanner.conf > This file tells me that: > > # The per-user files (bayes, auto-whitelist, user_prefs) are looked > # for here and in ~/.spamassassin/. Note the files are mutable. > > Leaving aside the fact that I dunno what "mutable" means in this > context, what does '~' mean. OK, it's a home directory, but is it the > home of the mail recipient or of the 'user' that MailScanner's running as? > > Asking that another way (humour me for completeness!), which bayes files > is SA looking at in my case? > > And: Is there any way I can get MS to tell me where it's looking, or how > much Bayes data (if any) it's finding to work on? I get the odd feeling > I'm sending the training data to the wrong place at the moment... > > > Ok, so not such a 'quick query' as I thought, but at least I worked out > the earlier '70 errors in spamassassin --lint -D' issue before annoying > the list with it ;) (Answer: SA was finding a set of rules from a 2.64 > install and getting very upset). > > > The return on these questions should hopefully be of use - I'm about > halfway through writing a "Guide to installing Mailscanner on > Debian-Sarge" which will *thoroughly* cover my recent experiences of > installing this combination. It should be online later today. > > Richard George, > MEng (Electronics D.Trip), University of Southampton :) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 3 16:36:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:48 2006 Subject: Burned by clamavmodule, Mail-ClamAV, symlinks Message-ID: Julian, I just realized in the course of the 4.39.6 upgrade that I've been badly burned by clamavmodule and the Mail-ClamAV perl module for a while. This is due to my way of doing things, and it took a while to figure out. But it is also due to how Mail-ClamAV installs. To those using clamavmodule, BEWARE! I install ClamAV into /opt, into a subdirectory clamav-[version]. Then I have a symlink for /opt/clamav -> /opt/clamav-[version]. I refer to the symlink in my MailScanner.conf settings. The problem: When I built and installed a new version of Mail-ClamAV, (specifying -I/opt/clamav/include and -L/opt/clamav/lib in the Makefile.PL), it followed the link and built its perl code with references to the version number. So, while I thought that I could move the symlink to point to a new version of ClamAV, the perl module was looking at the old version. Since MailScanner's virus updates put my update files in /opt/clamav and clamavmodule was looking in an old version directory, my Clam virus updates were way out of date. ==> Ouch!! I found this problem when I zapped old /opt/clamav-[version] directories and MailScanner started complaining about ClamAV missing. The issue seems to be in the building and installation of Mail-ClamAV. I haven't detected similar issues with sophossavi (I use the same symlink setup with Sophos versions too). Would this be a problem with Sophos? I've changed back from clamavmodule to clamav in my MS settings. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 16:44:01 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 3 mars 2005 17:22 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which Bayes files? > > > Richard > > in spam.assassin.prefs.conf you can force the bayes directory. I use > that then I know where the heck things are. Very true, I do the same... Since I'm a MailWatch-user, where this is a prerequisite. If you can determine which files are the "primaries" (ie. what MS is using), it would be easy to move them wherever you'd like... Just see to it that the Run As MS user can get at them fro rw. Look below for further comments. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Wechsler wrote: > > Quick query (which really boils down to my reading of the > syntax of a > > specific comment in Mailscanner.conf): > > > > I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a > Debian-Sarge > > server, with Exim 4.44 (all from Debian's testing packages). > > > > Both exim and mailscanner run as the user 'Debian-exim'. > > > > I have: > > SpamAssassin User State Dir = /var/lib/MailScanner > > > > in Mailscanner.conf > > This file tells me that: > > > > # The per-user files (bayes, auto-whitelist, user_prefs) are looked > > # for here and in ~/.spamassassin/. Note the files are mutable. > > > > Leaving aside the fact that I dunno what "mutable" means in this > > context, what does '~' mean. OK, it's a home directory, but > is it the > > home of the mail recipient or of the 'user' that > MailScanner's running as? SA is run by MS, so in this case it should be the Debian-exim user. > > > > Asking that another way (humour me for completeness!), > which bayes files > > is SA looking at in my case? ~Debian-exim/.spamassassin/.... > > > > And: Is there any way I can get MS to tell me where it's > looking, or how > > much Bayes data (if any) it's finding to work on? I get the > odd feeling > > I'm sending the training data to the wrong place at the moment... Not MS, but SA. "su - Debian-exim" and run spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 | grep bayes (If you use MailWatch, there's a convenient link to click in the "Other" section... One of the reasons you need be specific about bayes_* placement in MW (the other being sa-learn)). Most of this is deducible from the list archives, and the available docs;) Cheers -- Glenn > > > > > > Ok, so not such a 'quick query' as I thought, but at least > I worked out > > the earlier '70 errors in spamassassin --lint -D' issue > before annoying > > the list with it ;) (Answer: SA was finding a set of rules > from a 2.64 > > install and getting very upset). > > > > > > The return on these questions should hopefully be of use - I'm about > > halfway through writing a "Guide to installing Mailscanner on > > Debian-Sarge" which will *thoroughly* cover my recent experiences of > > installing this combination. It should be online later today. > > > > Richard George, > > MEng (Electronics D.Trip), University of Southampton :) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
/>************************************************************ > ********** >
>
This email and any files transmitted with it are > confidential and >
intended solely for the use of the individual or entity > to whom they >
are addressed. If you have received this email in error > please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to > be clean. >
>
/>************************************************************ > ********** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:49:36 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, first draft of the document I mentioned earlier. I'm not claiming that this is the best or only way to do this, but it works for me: http://www.phase.org/journal/byjid/8550 (yes, I know, I need to set up some decent URLs on that site ;) That said, if there are any grievious errors in there, please let me know! Thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 16:41:22 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:48 2006 Subject: Rules for random character subjects? Message-ID: Hi all... I seem to have a large number of messages that have garbage subject lines (either made up of foreign characters or random characters) that get past MailScanner/Spam Assassin. Have any of you found a decent ruleset that stops these? Thanks, Jim Coates Laridian, Inc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:55:16 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >>>And: Is there any way I can get MS to tell me where it's >> >>looking, or how >> >>>much Bayes data (if any) it's finding to work on? I get the >> >>odd feeling >> >>>I'm sending the training data to the wrong place at the moment... > > Not MS, but SA. "su - Debian-exim" and run > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 > | grep bayes Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my source. Might have to do some tweaking 'round here... > (If you use MailWatch, there's a convenient link to click in the > "Other" section... One of the reasons you need be specific about > bayes_* placement in MW (the other being sa-learn)). > > Most of this is deducible from the list archives, and the available > docs;) *grin* Fair point - I'd just been deducing far too much recently and thought I'd see if anyone could confirm my assumptions! Many thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 17:14:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard, When you get it finished, could I possibly host it (or even just a link to it) on www.mailscanner.info please? These resources are far more use when they can be found centrally. Wechsler wrote: > Ok, first draft of the document I mentioned earlier. I'm not claiming > that this is the best or only way to do this, but it works for me: > > http://www.phase.org/journal/byjid/8550 > > (yes, I know, I need to set up some decent URLs on that site ;) > > That said, if there are any grievious errors in there, please let me > know! > > Thanks, > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 17:23:15 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Wechsler > Sent: den 3 mars 2005 18:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which Bayes files? > > > Wechsler wrote: > > Steen, Glenn wrote: > > >> Not MS, but SA. "su - Debian-exim" and run > >> spamassassin -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 > >> | grep bayes > > > > > > Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my > > source. Might have to do some tweaking 'round here... > > Right, looks like I do - and, in the interests of letting others learn > from my mistakes, here's what I need to change: > > I've got crontab tasks running as Debian-exim on two IMAP folders: > falsepos, and falseneg, as follows: (I'm sure you can guess > the other). > > 15 * * * * /usr/bin/sa-learn --mbox --spam > /home2/wechsler/mail/falseneg > > This, not-very-surprisingly, learns to > "~Debian-exim/.spamassassin/bayes*" > > To get it to learn to the desired location, I just pull in MS's SA > config file: (the following being really one line) > > /usr/bin/sa-learn --mbox --spam -p \ > /etc/MailScanner/spam.assassin.prefs.conf > /home2/wechsler/mail/falseneg > > That seems to learn to the "right place" for me. Make sense to you? Yep, that would be right... Provided one can trust the ones filling in the falseneg/falsepos folders:-). -- Glenn > > > Thanks again, > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Thu Mar 3 17:15:00 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:48 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... Sorry, not strictly an MS problem, just wondering if anyone else had stumbled over this... I'm playing with a test box on RHEL4. Sophos installed fine, and using 'sophos' as the virus scanner, all is okay. However, I normally try and install SAVI-Perl for obvious reasons. The latest version would appear to be 0.30. I installed Sophos, and then edited Makefile.PL as normal: 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi'], I run make: cp SAVI.pm blib/lib/SAVI.pm AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > SAVI.xsc && mv SAVI.xsc SAVI.c Please specify prototyping behavior for SAVI.xs (see perlxs manual) gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c Running Mkbootstrap for SAVI () chmod 644 SAVI.bs rm -f blib/arch/auto/SAVI/SAVI.so gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so -L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi gcc: unrecognized option `-R/usr/local/Sophos/lib' chmod 755 blib/arch/auto/SAVI/SAVI.so cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs chmod 644 blib/arch/auto/SAVI/SAVI.bs Manifying blib/man3/SAVI.3pm ... it's the 'gcc: unrecognized option' that looks to me that isn't actually building the .so shared library... there is, though, a SAVI.so in blib/arch/auto/SAVI. make test shows: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/use....Can't load '/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module SAVI: libsavi.so.3: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. at t/use.t line 8 ... it is, however, there. Running a forced 'make install' and then using 'sophossavi' in MailScanner elicits errors about not being able to find SAVI: Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, did you install it? Anyone else swimming in these dark waters before I try the auth of SAVI-Perl? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 17:18:59 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wechsler wrote: > Steen, Glenn wrote: >> Not MS, but SA. "su - Debian-exim" and run >> spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 >> | grep bayes > > > Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my > source. Might have to do some tweaking 'round here... Right, looks like I do - and, in the interests of letting others learn from my mistakes, here's what I need to change: I've got crontab tasks running as Debian-exim on two IMAP folders: falsepos, and falseneg, as follows: (I'm sure you can guess the other). 15 * * * * /usr/bin/sa-learn --mbox --spam /home2/wechsler/mail/falseneg This, not-very-surprisingly, learns to "~Debian-exim/.spamassassin/bayes*" To get it to learn to the desired location, I just pull in MS's SA config file: (the following being really one line) /usr/bin/sa-learn --mbox --spam -p \ /etc/MailScanner/spam.assassin.prefs.conf /home2/wechsler/mail/falseneg That seems to learn to the "right place" for me. Make sense to you? Thanks again, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 17:25:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Rules for random character subjects? Message-ID: Jim quick replay - on way home.. have a look in www.rulesemporium.com/rules.htm for things what will cover this. Chickenpox rules are good too (on the other). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Hi all... > > I seem to have a large number of messages that have garbage subject lines > (either made up of foreign characters or random characters) that get past > MailScanner/Spam Assassin. > > Have any of you found a decent ruleset that stops these? > > Thanks, > Jim Coates > Laridian, Inc > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 17:24:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: Another idea would for Richard to perhaps join in the dokuwiki project... So that it gets into place from the start. Look in the archives for Ugos contact info. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 3 mars 2005 18:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Installing Mailscanner on Debian-testing - with > exim 4 and clamAV > > > Richard, > > When you get it finished, could I possibly host it (or even > just a link > to it) on www.mailscanner.info please? These resources are > far more use > when they can be found centrally. > > Wechsler wrote: > > > Ok, first draft of the document I mentioned earlier. I'm > not claiming > > that this is the best or only way to do this, but it works for me: > > > > http://www.phase.org/journal/byjid/8550 > > > > (yes, I know, I need to set up some decent URLs on that site ;) > > > > That said, if there are any grievious errors in there, please let me > > know! > > > > Thanks, > > Richard > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 17:30:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try removing the -R option and add /usr/local/Sophos/lib to /etc/ld.so.conf then run ldconfig. Peter Bates wrote: >Hello all... > >Sorry, not strictly an MS problem, just wondering if anyone else had >stumbled over this... > >I'm playing with a test box on RHEL4. > >Sophos installed fine, and using 'sophos' as the virus scanner, all is >okay. > >However, I normally try and install SAVI-Perl for obvious reasons. > >The latest version would appear to be 0.30. > >I installed Sophos, and then edited Makefile.PL as normal: > 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib >-lsavi'], > >I run make: > >cp SAVI.pm blib/lib/SAVI.pm >AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >/usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >/usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >SAVI.xsc && mv SAVI.xsc SAVI.c >Please specify prototyping behavior for SAVI.xs (see perlxs manual) >gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing >-pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 >-I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 >-DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >"-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c >Running Mkbootstrap for SAVI () >chmod 644 SAVI.bs >rm -f blib/arch/auto/SAVI/SAVI.so >gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so >-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi >gcc: unrecognized option `-R/usr/local/Sophos/lib' >chmod 755 blib/arch/auto/SAVI/SAVI.so >cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs >chmod 644 blib/arch/auto/SAVI/SAVI.bs >Manifying blib/man3/SAVI.3pm > >... it's the 'gcc: unrecognized option' that looks to me that isn't >actually building the .so shared library... there is, though, a SAVI.so >in blib/arch/auto/SAVI. > >make test shows: > >PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >t/use....Can't load >'/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module >SAVI: libsavi.so.3: cannot open shared object file: No such file or >directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm >line 230. > at t/use.t line 8 > >... it is, however, there. > >Running a forced 'make install' and then using 'sophossavi' in >MailScanner elicits errors about not being able to find SAVI: > >Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, >did you >install it? > >Anyone else swimming in these dark waters before I try the auth of >SAVI-Perl? > > > >---------------------------------------------------------------------------------------------------> >Peter Bates, Systems Support Officer, IT Services. >London School of Hygiene & Tropical Medicine. >Telephone:0207-958 8353 / Fax: 0207- 636 9838 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 17:29:42 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Richard, > > When you get it finished, could I possibly host it (or even just a link > to it) on www.mailscanner.info please? These resources are far more use > when they can be found centrally. Julian - You're more than welcome to link to it at least (I agree, the easier it is to find, the better) - I'd rather keep the 'canonical' version under my control though, so's I can beat the bugs out of it. If there prove to be any hosting issues with my server, though, I'll send it over to be hosted on .info. Thanks for all your work - glad to be able to give a little bit back! Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Thu Mar 3 17:53:49 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just curious, what is the exact name of the sophos product you installed with mailscanner?? Someone wants me to add sophos as a third virus scanner (in addition to clamav and f-prot) and I am trying to figure out which sophos product I should use to do that? Thanks Steve On Thu, 2005-03-03 at 17:15 +0000, Peter Bates wrote: Hello all... Sorry, not strictly an MS problem, just wondering if anyone else had stumbled over this... I'm playing with a test box on RHEL4. Sophos installed fine, and using 'sophos' as the virus scanner, all is okay. However, I normally try and install SAVI-Perl for obvious reasons. The latest version would appear to be 0.30. I installed Sophos, and then edited Makefile.PL as normal: 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi'], I run make: cp SAVI.pm blib/lib/SAVI.pm AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > SAVI.xsc && mv SAVI.xsc SAVI.c Please specify prototyping behavior for SAVI.xs (see perlxs manual) gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c Running Mkbootstrap for SAVI () chmod 644 SAVI.bs rm -f blib/arch/auto/SAVI/SAVI.so gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so -L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi gcc: unrecognized option `-R/usr/local/Sophos/lib' chmod 755 blib/arch/auto/SAVI/SAVI.so cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs chmod 644 blib/arch/auto/SAVI/SAVI.bs Manifying blib/man3/SAVI.3pm ... it's the 'gcc: unrecognized option' that looks to me that isn't actually building the .so shared library... there is, though, a SAVI.so in blib/arch/auto/SAVI. make test shows: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/use....Can't load '/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module SAVI: libsavi.so.3: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. at t/use.t line 8 ... it is, however, there. Running a forced 'make install' and then using 'sophossavi' in MailScanner elicits errors about not being able to find SAVI: Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, did you install it? Anyone else swimming in these dark waters before I try the auth of SAVI-Perl? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Steve Hickel -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 17:52:35 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: Martin, Thanks... I found a link off to ccert.edu.cn (from the rulesemporium site) which has what looks to be a good ruleset for removing Chinese character spam etc. I've got it in place and we shall see how it works. Thanks again, Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, March 03, 2005 11:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Rules for random character subjects? Jim quick replay - on way home.. have a look in www.rulesemporium.com/rules.htm for things what will cover this. Chickenpox rules are good too (on the other). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Hi all... > > I seem to have a large number of messages that have garbage subject > lines (either made up of foreign characters or random characters) that > get past MailScanner/Spam Assassin. > > Have any of you found a decent ruleset that stops these? > > Thanks, > Jim Coates > Laridian, Inc > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 18:00:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As someone suggested, putting it on the wiki might be the best idea all round. Wechsler wrote: > Julian Field wrote: > >> Richard, >> >> When you get it finished, could I possibly host it (or even just a link >> to it) on www.mailscanner.info please? These resources are far more use >> when they can be found centrally. > > > Julian - > > You're more than welcome to link to it at least (I agree, the easier it > is to find, the better) - I'd rather keep the 'canonical' version under > my control though, so's I can beat the bugs out of it. If there prove to > be any hosting issues with my server, though, I'll send it over to be > hosted on .info. > > Thanks for all your work - glad to be able to give a little bit back! > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 18:02:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You just need the command-line scanner product, not anything for mail servers or anything like that. I believe they call it their SAVI licence. Steve Hickel wrote: > Just curious, what is the exact name of the sophos product you > installed with mailscanner?? Someone wants me to add sophos as a third > virus scanner (in addition to clamav and f-prot) and I am trying to > figure out which sophos product I should use to do that? Thanks > > Steve > > On Thu, 2005-03-03 at 17:15 +0000, Peter Bates wrote: > >>Hello all... >> >>Sorry, not strictly an MS problem, just wondering if anyone else had >>stumbled over this... >> >>I'm playing with a test box on RHEL4. >> >>Sophos installed fine, and using 'sophos' as the virus scanner, all is >>okay. >> >>However, I normally try and install SAVI-Perl for obvious reasons. >> >>The latest version would appear to be 0.30. >> >>I installed Sophos, and then edited Makefile.PL as normal: >> 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib >>-lsavi'], >> >>I run make: >> >>cp SAVI.pm blib/lib/SAVI.pm >>AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >>/usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >>/usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >>SAVI.xsc && mv SAVI.xsc SAVI.c >>Please specify prototyping behavior for SAVI.xs (see perlxs manual) >>gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing >>-pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 >>-I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 >>-DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >>"-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c >>Running Mkbootstrap for SAVI () >>chmod 644 SAVI.bs >>rm -f blib/arch/auto/SAVI/SAVI.so >>gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so >>-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi >>gcc: unrecognized option `-R/usr/local/Sophos/lib' >>chmod 755 blib/arch/auto/SAVI/SAVI.so >>cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs >>chmod 644 blib/arch/auto/SAVI/SAVI.bs >>Manifying blib/man3/SAVI.3pm >> >>... it's the 'gcc: unrecognized option' that looks to me that isn't >>actually building the .so shared library... there is, though, a SAVI.so >>in blib/arch/auto/SAVI. >> >>make test shows: >> >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/use....Can't load >>'/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module >>SAVI: libsavi.so.3: cannot open shared object file: No such file or >>directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm >>line 230. >> at t/use.t line 8 >> >>... it is, however, there. >> >>Running a forced 'make install' and then using 'sophossavi' in >>MailScanner elicits errors about not being able to find SAVI: >> >>Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, >>did you >>install it? >> >>Anyone else swimming in these dark waters before I try the auth of >>SAVI-Perl? >> >> >> >>---------------------------------------------------------------------------------------------------> >>Peter Bates, Systems Support Officer, IT Services. >>London School of Hygiene & Tropical Medicine. >>Telephone:0207-958 8353 / Fax: 0207- 636 9838 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > -- > Steve Hickel > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Thu Mar 3 17:51:58 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... > MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> >Try removing the -R option and add /usr/local/Sophos/lib to >/etc/ld.so.conf then run ldconfig. Worked first time! RHEL4 also has the interesting 'include /etc/ld.so.conf.d' so I could have just dropped in a file called 'sophos' in there with the relevant path listed. Julian... you are the proverbial * ! (That's a star, and not some expletive). ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Thu Mar 3 18:23:57 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:49 2006 Subject: Bayes file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, FreeBSD 5.3-RELEASE, MS-4.3.9, sa3.01, i've downloaded bayes3 i believe it is, i am trying to control the influx of spam. I am not sure where to put these files and/or what to do with any configuration? Any help appreciated. Thanks. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 18:25:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: At 11:41 AM 3/3/2005, Jim Coates wrote: >I seem to have a large number of messages that have garbage subject lines >(either made up of foreign characters or random characters) that get past >MailScanner/Spam Assassin. > >Have any of you found a decent ruleset that stops these? I use the FVGT_s_OBFU_* rules for this with good success.. they're kind of old, but work well for me.. I don't think there's a CF file out there for them, but they are on exit0.us: http://www.exit0.us/index.php?pagename=FredsRules ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 19:36:38 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > I would like to try and get it to handle Bitdefender. only need to > modify ONE (or maybe 2) line of code from what i can see. > > The output and string values for Bitdefender. ANy idea whgat they might be? > > # Scanner Strings > my %Scanners = ( > bitdefender => { > Output => '/(.+) Found virus (.*)', > String => '/(.+) Found virus (.*)\'}, > sophos => { > Output => '>>> Virus', > String => '>>> Virus \'(.*)\''}, > sophossavi => { > Output => 'INFECTED::', > String => 'INFECTED:: (.*)::'}, > inoculan => { > Output => 'was infected by virus', > String => 'was infected by virus \[(.*)\]'}, > clamav => { > Output => 'FOUND', > String => ':.* (.*) FOUND'}, > command => { > Output => 'Infection:', > String => 'Infection: (.*)'}, > "f-prot" => { > Output => 'Infection:', > String => 'Infection: (.*)'}, > mcafee => { > Output => 'Found the', Maybe start with this; bitdefender=> { Output => '\/.*infected:', String => '\/.*infected: (.*)' }, Might take some playing, but this is out of Vispan. I had to give credit where credit is due! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 20:11:38 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- John Wilcock a écrit : > > Or just scan it in MailScanner, then send it to > their box clean to prove > how good MS is! I'm going to take flak for it, but I love this idea (Martin and Adri, thanks for the same kind of idea). VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:17:55 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anyone know which of the rulesdujour are now handled by SA3.02 by default? It seems from the doco that bigevil is automatically enabled as a default RBL check? Does this cover any fo the other ruledujour? Or what needs to be done to ahve ALL of these on? Just follow the normal ruledujour procedure for SA 2.6 ? thanks Pete Martin Hepworth wrote: > Jim > > quick replay - on way home.. > > have a look in www.rulesemporium.com/rules.htm for things what will > cover this. Chickenpox rules are good too (on the other). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:20:15 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Then its really hard - unlress you archive a users or a lot of incoming mail for a while, OR setup a mailbox to spam and ham on your servers. Again, it will require a little planning and research. There is a guide in the maq on www.mailscanner.info and plebnty in the list archives. Let us know how you go. David Curtis wrote: > Thanks. > I am not sure how to sa-learn in this case. We are setup as a gateway > for an GroupWise server. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> > David > > you have to teach bayes when it's wrong. (see info in sa-learn) > > also having alot of the rules from www.rulesemporium.com/rules.htm > can > help alot too. Drip feed them in and see which ones help the most. > > DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, > again these help alot. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > > MailScanner install doc. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > > David > > > > restore from an earlier version...?? You backup the thing, yes??? > > > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > > may help. What version of SA and do you run the URI-RBL stuff? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > David Curtis wrote: > > > I think my bayes is messed up. I have several dozen e-mails that I > think > > > are spam. The rule for bayes_00 is letting it through. > > > Here is the score: > > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > > RCVD_IN_NJABL_SPAM 1.84) > > > X-SBSD-MailScanner-SpamScore: 3 > > > > > > Any idea? > > > > > > > > > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > > Portability and Accountability Act (HIPAA). If this email contains > > > confidential and/or privileged health or student information and you > > > are not entitled to access such information under FERPA or HIPAA, > > > federal regulations require that you destroy this email without > > > reviewing it and you may not forward it to anyone. > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > >
/>********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > they > >
are addressed. If you have received this email in error please > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
/>********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:23:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] When i first build a mailscanner machine i make /etc/mail/spamassassin/local.cf a symlink to /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. Pete Wechsler wrote: > Wechsler wrote: > >> Steen, Glenn wrote: > > >>> Not MS, but SA. "su - Debian-exim" and run >>> spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 >>> | grep bayes >> >> >> >> Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my >> source. Might have to do some tweaking 'round here... > > > Right, looks like I do - and, in the interests of letting others learn > from my mistakes, here's what I need to change: > > I've got crontab tasks running as Debian-exim on two IMAP folders: > falsepos, and falseneg, as follows: (I'm sure you can guess the other). > > 15 * * * * /usr/bin/sa-learn --mbox --spam /home2/wechsler/mail/falseneg > > This, not-very-surprisingly, learns to "~Debian-exim/.spamassassin/bayes*" > > To get it to learn to the desired location, I just pull in MS's SA > config file: (the following being really one line) > > /usr/bin/sa-learn --mbox --spam -p \ > /etc/MailScanner/spam.assassin.prefs.conf /home2/wechsler/mail/falseneg > > That seems to learn to the "right place" for me. Make sense to you? > > > Thanks again, > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 21:23:58 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: I've toyed with the idea of creating a mailbox for SPAM and HAM that users can forward email into to be learned using a CRON job. However, I'm concerned that since they would be forwarding the email, the headers would be incorrect (different from the original). Is there a way around this as it seems ideal to simply let users forward email that they consider SPAM into some sort of account the be learned on a CRON basis by SpamAssassin? Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 3:20 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 Then its really hard - unlress you archive a users or a lot of incoming mail for a while, OR setup a mailbox to spam and ham on your servers. Again, it will require a little planning and research. There is a guide in the maq on www.mailscanner.info and plebnty in the list archives. Let us know how you go. David Curtis wrote: > Thanks. > I am not sure how to sa-learn in this case. We are setup as a gateway > for an GroupWise server. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> > David > > you have to teach bayes when it's wrong. (see info in sa-learn) > > also having alot of the rules from www.rulesemporium.com/rules.htm > can help alot too. Drip feed > them in and see which ones help the most. > > DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, > again these help alot. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA > 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I > followed the > MailScanner install doc. > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > > David > > > > restore from an earlier version...?? You backup the thing, yes??? > > > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > > may help. What version of SA and do you run the URI-RBL stuff? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > David Curtis wrote: > > > I think my bayes is messed up. I have several dozen e-mails that I > think > > > are spam. The rule for bayes_00 is letting it through. > > > Here is the score: > > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > > RCVD_IN_NJABL_SPAM 1.84) > > > X-SBSD-MailScanner-SpamScore: 3 > > > > > > Any idea? > > > > > > > > > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > > Portability and Accountability Act (HIPAA). If this email contains > > > confidential and/or privileged health or student information and you > > > are not entitled to access such information under FERPA or HIPAA, > > > federal regulations require that you destroy this email without > > > reviewing it and you may not forward it to anyone. > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > >
/>********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > they > >
are addressed. If you have received this email in error please > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
/>********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > >
/>********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:28:28 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] also note that the mail-CLamAV fails on RHEL4 too. Its the last thing to get working, all of the other associated products worked fine. Removing previously used /root/.cpan/build/Mail-ClamAV-0.14 CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.14.tar.gz Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.14 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. Can't locate Mail/ClamAV.pm in @INC (@INC contains: /root/.cpan/build/Mail-ClamAV-0.14/blib/arch /root/.cpan/build/Mail-ClamAV-0.14/blib/lib /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 make: *** Waiting for unfinished jobs.... cp ClamAV.pm blib/lib/Mail/ClamAV.pm make: *** Waiting for unfinished jobs.... /usr/bin/make -j3 -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Peter Bates wrote: > Hello all... > > >>MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> >>Try removing the -R option and add /usr/local/Sophos/lib to >>/etc/ld.so.conf then run ldconfig. > > > Worked first time! > > RHEL4 also has the interesting 'include /etc/ld.so.conf.d' > so I could have just dropped in a file called 'sophos' in there > with the relevant path listed. > > Julian... you are the proverbial * ! > > (That's a star, and not some expletive). > > > > ---------------------------------------------------------------------------------------------------> > Peter Bates, Systems Support Officer, IT Services. > London School of Hygiene & Tropical Medicine. > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 21:23:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Violaine Grimly wrote: > --- John Wilcock a écrit : > >>Or just scan it in MailScanner, then send it to >>their box clean to prove >>how good MS is! > > > I'm going to take flak for it, but I love this idea > (Martin and Adri, thanks for the same kind of idea). > > VG. Or send it from their box to MailScanner and see what their box misses! If it lets just one virus through, while a "free" product catches it, maybe mgmt. will take notice. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Thu Mar 3 21:38:56 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:49 2006 Subject: Panda not working Message-ID: Anyone managed to get panda working? I'm running MailScanner 4.38.9 on RH9 with the pavcl program file dated 1 July 03. I installed pavcl from rpm. pavcl is in /usr/bin and I have the pav.sig signature file in /usr/lib/panda. The .sig file is dated today, so the autoupdate is working. The /usr/lib/MailScanner/panda-wrapper file refers to /bin/pavcl rather than /usr/bin/pavcl so I guess there's one potential problem. The /etc/MailScanner/virus.scanners.conf file contains the line: panda /usr/lib/MailScanner/panda-wrapper /usr There's the following advice in virus.scanners.conf: # You can test a -wrapper script with a command like this: # /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav /tmp # That command will attempt to scan /tmp using F-Secure. If it works you # should see some sensible output. If it fails, you will probably just see # an error message such as "Command not found" or similar. I've tried the command: /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp Along with a whole load of permutations. I've tried changing panda-wrapper and virus.scanners.conf but all to no avail. I just get "Virus: 0" as the response, even though there's a valid eicar.com test file in the directory that's being scanned and the equivalent f-prot command works fine. Running pavcl direct from the command line detects the eicar file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:37:12 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] YEah tghis is everyone's concern. Its been documented in the archives that most people attempt to use either an IMAP script on the mailscanner machine to pull the mail from the exchange/groupwise/domino server to an mbox/maildir and then run sa-learn on - as imap does a copy basically, rather than forwarding and destroying the original headers. Or even better is have access on your mail system so everyone can COPY into another mailbox and then run sa-learn on it. You could get bayes to ignore all the headers and just learn the content? I am not sure what everyone does about checking through all the mail to make sure the usrs ahvent put ham in the spa,m box etc Jim Coates wrote: > I've toyed with the idea of creating a mailbox for SPAM and HAM that users > can forward email into to be learned using a CRON job. > > However, I'm concerned that since they would be forwarding the email, the > headers would be incorrect (different from the original). > > Is there a way around this as it seems ideal to simply let users forward > email that they consider SPAM into some sort of account the be learned on a > CRON basis by SpamAssassin? > > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Peter Russell > Sent: Thursday, March 03, 2005 3:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > Then its really hard - unlress you archive a users or a lot of incoming mail > for a while, OR setup a mailbox to spam and ham on your servers. Again, it > will require a little planning and research. There is a guide in the maq on > www.mailscanner.info and plebnty in the list archives. > > Let us know how you go. > > > David Curtis wrote: > >>Thanks. >>I am not sure how to sa-learn in this case. We are setup as a gateway >>for an GroupWise server. >> >> >> >> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>David >> >>you have to teach bayes when it's wrong. (see info in sa-learn) >> >>also having alot of the rules from www.rulesemporium.com/rules.htm >> can help alot too. Drip feed >>them in and see which ones help the most. >> >>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>again these help alot. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>David Curtis wrote: >> > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>followed the > MailScanner install doc. > >> > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >> > David >> > >> > restore from an earlier version...?? You backup the thing, yes??? >> > >> > Anyway reminds us what extra rules you run like the SARE ones etc.. > > They > >> > may help. What version of SA and do you run the URI-RBL stuff? >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > >> > David Curtis wrote: >> > > I think my bayes is messed up. I have several dozen e-mails that I >>think >> > > are spam. The rule for bayes_00 is letting it through. >> > > Here is the score: >> > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, >> > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE > > 0.10, > >> > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >> > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > > 1.51, > >> > > RCVD_IN_NJABL_SPAM 1.84) >> > > X-SBSD-MailScanner-SpamScore: 3 >> > > >> > > Any idea? >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > This email may contain information protected under the Family >> > > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > > Portability and Accountability Act (HIPAA). If this email contains >> > > confidential and/or privileged health or student information and you >> > > are not entitled to access such information under FERPA or HIPAA, >> > > federal regulations require that you destroy this email without >> > > reviewing it and you may not forward it to anyone. >> > > >> > > ------------------------ MailScanner list ------------------------ >> > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > > 'leave mailscanner' in the body of the email. >> > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > > >> > > Support MailScanner development - buy the book off the website! >> > >> >
>/>********************************************************************** >> >
>> >
This email and any files transmitted with it are confidential and >> >
intended solely for the use of the individual or entity to whom >>they >> >
are addressed. If you have received this email in error please >>notify >> >
the system manager. >> >
>> >
This footnote confirms that this email message has been swept >> >
for the presence of computer viruses and is believed to be clean. >> >
>> >
>/>********************************************************************** >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> > >> > >> > >> > This email may contain information protected under the Family >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > Portability and Accountability Act (HIPAA). If this email contains >> > confidential and/or privileged health or student information and you >> > are not entitled to access such information under FERPA or HIPAA, >> > federal regulations require that you destroy this email without >> > reviewing it and you may not forward it to anyone. >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > *Support MailScanner development - buy the book off the website!* >> >>
>/>********************************************************************** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom they >>
are addressed. If you have received this email in error please > > notify > >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be clean. >>
>>
> />********************************************************************** > >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 22:41:37 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: The concern with using IMAP for us is that my company's employees aren't centrally located (IE - we aren't all in the same office) and I don't trust IMAP without being part of the VPN etc. I could make everyone log in to the VPN and then copy over to IMAP, but it would cause their Outlook etc to give failure notices anytime they weren't connected to the VPN (as the IMAP accounts would not be able to be reached). We don't leave any copies of mail on the server itself once the user pulls it down, so I can't have them log back in via webmail etc to move it either. Hmmm... I'd like to hear what others are doing, as we have a couple users that in spite of the MailScanner and SpamAssassin settings, they are still getting a good deal of spam per day. Thanks, Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 4:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 YEah tghis is everyone's concern. Its been documented in the archives that most people attempt to use either an IMAP script on the mailscanner machine to pull the mail from the exchange/groupwise/domino server to an mbox/maildir and then run sa-learn on - as imap does a copy basically, rather than forwarding and destroying the original headers. Or even better is have access on your mail system so everyone can COPY into another mailbox and then run sa-learn on it. You could get bayes to ignore all the headers and just learn the content? I am not sure what everyone does about checking through all the mail to make sure the usrs ahvent put ham in the spa,m box etc Jim Coates wrote: > I've toyed with the idea of creating a mailbox for SPAM and HAM that > users can forward email into to be learned using a CRON job. > > However, I'm concerned that since they would be forwarding the email, > the headers would be incorrect (different from the original). > > Is there a way around this as it seems ideal to simply let users > forward email that they consider SPAM into some sort of account the be > learned on a CRON basis by SpamAssassin? > > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Thursday, March 03, 2005 3:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > Then its really hard - unlress you archive a users or a lot of > incoming mail for a while, OR setup a mailbox to spam and ham on your > servers. Again, it will require a little planning and research. There > is a guide in the maq on www.mailscanner.info and plebnty in the list > archives. > > Let us know how you go. > > > David Curtis wrote: > >>Thanks. >>I am not sure how to sa-learn in this case. We are setup as a gateway >>for an GroupWise server. >> >> >> >> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>David >> >>you have to teach bayes when it's wrong. (see info in sa-learn) >> >>also having alot of the rules from www.rulesemporium.com/rules.htm >> can help alot too. Drip feed >>them in and see which ones help the most. >> >>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>again these help alot. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>David Curtis wrote: >> > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>followed the > MailScanner install doc. > >> > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >> > David >> > >> > restore from an earlier version...?? You backup the thing, yes??? >> > >> > Anyway reminds us what extra rules you run like the SARE ones etc.. > > They > >> > may help. What version of SA and do you run the URI-RBL stuff? >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > >> > David Curtis wrote: >> > > I think my bayes is messed up. I have several dozen e-mails that >> > I >>think >> > > are spam. The rule for bayes_00 is letting it through. > Here >> > is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >> > SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >> > DCC_CHECK 2.17, DIGEST_MULTIPLE > > 0.10, > >> > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >> > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > > 1.51, > >> > > RCVD_IN_NJABL_SPAM 1.84) >> > > X-SBSD-MailScanner-SpamScore: 3 >> > > >> > > Any idea? >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > This email may contain information protected under the Family > >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > > Portability and Accountability Act (HIPAA). If this email >> > contains > confidential and/or privileged health or student >> > information and you > are not entitled to access such information >> > under FERPA or HIPAA, > federal regulations require that you >> > destroy this email without > reviewing it and you may not forward >> > it to anyone. > > ------------------------ MailScanner list >> > ------------------------ > To unsubscribe, email >> > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >> > the body of the email. > Before posting, read the MAQ >> > (http://www.mailscanner.biz/maq/) and > the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > > >> > > Support MailScanner development - buy the book off the website! >> > >> >
>/>******************************************************************** >>** >> >
>> >
This email and any files transmitted with it are confidential >> > and
intended solely for the use of the individual or entity >> > to whom >>they >> >
are addressed. If you have received this email in error >> > please >>notify >> >
the system manager. >> >
>> >
This footnote confirms that this email message has been swept >> >
for the presence of computer viruses and is believed to be >> > clean.

>/>******************************************************************** >>** >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. Before posting, read >> > the MAQ (http://www.mailscanner.biz/maq/) and the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> > >> > >> > >> > This email may contain information protected under the Family >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > Portability and Accountability Act (HIPAA). If this email contains >> > confidential and/or privileged health or student information and >> > you are not entitled to access such information under FERPA or >> > HIPAA, federal regulations require that you destroy this email >> > without reviewing it and you may not forward it to anyone. >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. Before posting, read >> > the MAQ (http://www.mailscanner.biz/maq/) and the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > *Support MailScanner development - buy the book off the website!* >> >>
>/>******************************************************************** >>** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom they >>
are addressed. If you have received this email in error please > > notify > >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be >>clean.

> />******************************************************************** > ** > >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:45:44 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perfect!!!! Thanks so much. Scott Silva wrote: > Pete Russell wrote: > >>I would like to try and get it to handle Bitdefender. only need to >>modify ONE (or maybe 2) line of code from what i can see. >> >>The output and string values for Bitdefender. ANy idea whgat they might be? >> >># Scanner Strings >>my %Scanners = ( >> bitdefender => { >> Output => '/(.+) Found virus (.*)', >> String => '/(.+) Found virus (.*)\'}, >> sophos => { >> Output => '>>> Virus', >> String => '>>> Virus \'(.*)\''}, >> sophossavi => { >> Output => 'INFECTED::', >> String => 'INFECTED:: (.*)::'}, >> inoculan => { >> Output => 'was infected by virus', >> String => 'was infected by virus \[(.*)\]'}, >> clamav => { >> Output => 'FOUND', >> String => ':.* (.*) FOUND'}, >> command => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> "f-prot" => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> mcafee => { >> Output => 'Found the', > > > Maybe start with this; > bitdefender=> { > Output => '\/.*infected:', > String => '\/.*infected: (.*)' }, > > Might take some playing, but this is out of Vispan. I had to give credit > where credit is due! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:57:10 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] umm maybe you should be thinking about bayes and spam assassin setting son your server. Most folks dont get many spams thorugh on a well tuned gateway. Then once you are sure you ahve done everything you can move onto catching and learning from the users? The outlook bit has been discussed many times in the archives. Jim Coates wrote: > The concern with using IMAP for us is that my company's employees aren't > centrally located (IE - we aren't all in the same office) and I don't trust > IMAP without being part of the VPN etc. > > I could make everyone log in to the VPN and then copy over to IMAP, but it > would cause their Outlook etc to give failure notices anytime they weren't > connected to the VPN (as the IMAP accounts would not be able to be reached). > > We don't leave any copies of mail on the server itself once the user pulls > it down, so I can't have them log back in via webmail etc to move it either. > > Hmmm... > > I'd like to hear what others are doing, as we have a couple users that in > spite of the MailScanner and SpamAssassin settings, they are still getting a > good deal of spam per day. > > Thanks, > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Peter Russell > Sent: Thursday, March 03, 2005 4:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > YEah tghis is everyone's concern. Its been documented in the archives that > most people attempt to use either an IMAP script on the mailscanner machine > to pull the mail from the exchange/groupwise/domino server to an > mbox/maildir and then run sa-learn on - as imap does a copy basically, > rather than forwarding and destroying the original headers. > > Or even better is have access on your mail system so everyone can COPY into > another mailbox and then run sa-learn on it. > > You could get bayes to ignore all the headers and just learn the content? > > I am not sure what everyone does about checking through all the mail to make > sure the usrs ahvent put ham in the spa,m box etc > > > Jim Coates wrote: > >>I've toyed with the idea of creating a mailbox for SPAM and HAM that >>users can forward email into to be learned using a CRON job. >> >>However, I'm concerned that since they would be forwarding the email, >>the headers would be incorrect (different from the original). >> >>Is there a way around this as it seems ideal to simply let users >>forward email that they consider SPAM into some sort of account the be >>learned on a CRON basis by SpamAssassin? >> >>Jim Coates >>Laridian, Inc. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Peter Russell >>Sent: Thursday, March 03, 2005 3:20 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes 00 >> >> >>Then its really hard - unlress you archive a users or a lot of >>incoming mail for a while, OR setup a mailbox to spam and ham on your >>servers. Again, it will require a little planning and research. There >>is a guide in the maq on www.mailscanner.info and plebnty in the list >>archives. >> >>Let us know how you go. >> >> >>David Curtis wrote: >> >> >>>Thanks. >>>I am not sure how to sa-learn in this case. We are setup as a gateway >>>for an GroupWise server. >>> >>> >>> >>> >>>>>>martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>> >>>David >>> >>>you have to teach bayes when it's wrong. (see info in sa-learn) >>> >>>also having alot of the rules from www.rulesemporium.com/rules.htm >>> can help alot too. Drip feed >>>them in and see which ones help the most. >>> >>>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>>again these help alot. >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>David Curtis wrote: >>> >>>>Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>> >>>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>>followed the > MailScanner install doc. > >>> >>>> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >>>>David >>>> >>>>restore from an earlier version...?? You backup the thing, yes??? >>>> >>>>Anyway reminds us what extra rules you run like the SARE ones etc.. >> >>They >> >> >>>>may help. What version of SA and do you run the URI-RBL stuff? >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>David Curtis wrote: >>>> > I think my bayes is messed up. I have several dozen e-mails that >>>>I >>> >>>think >>> >>>> > are spam. The rule for bayes_00 is letting it through. > Here >>>>is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >>>>SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >>>>DCC_CHECK 2.17, DIGEST_MULTIPLE >> >>0.10, >> >> >>>> > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >>>> >>>>> MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK >> >>1.51, >> >> >>>> > RCVD_IN_NJABL_SPAM 1.84) >>>> > X-SBSD-MailScanner-SpamScore: 3 >>>> > >>>> > Any idea? >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > This email may contain information protected under the Family > >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>> >>>>>Portability and Accountability Act (HIPAA). If this email >>>> >>>>contains > confidential and/or privileged health or student >>>>information and you > are not entitled to access such information >>>>under FERPA or HIPAA, > federal regulations require that you >>>>destroy this email without > reviewing it and you may not forward >>>>it to anyone. > > ------------------------ MailScanner list >>>>------------------------ > To unsubscribe, email >>>>jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >>>>the body of the email. > Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and > the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> >>>>
>> >>>/>******************************************************************** >>>** >>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>>and
intended solely for the use of the individual or entity >>>>to whom >>> >>>they >>> >>>>
are addressed. If you have received this email in error >>>>please >>> >>>notify >>> >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>>clean.

>> >>>/>******************************************************************** >>>** >>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. Before posting, read >>>>the MAQ (http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>This email may contain information protected under the Family >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>>Portability and Accountability Act (HIPAA). If this email contains >>>>confidential and/or privileged health or student information and >>>>you are not entitled to access such information under FERPA or >>>>HIPAA, federal regulations require that you destroy this email >>>>without reviewing it and you may not forward it to anyone. >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. Before posting, read >>>>the MAQ (http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>
>>/>******************************************************************** >>>** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom they >>>
are addressed. If you have received this email in error please >> >>notify >> >> >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be >>>clean.

> >>/>******************************************************************** >>** >> >> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>>This email may contain information protected under the Family >>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>Portability and Accountability Act (HIPAA). If this email contains >>>confidential and/or privileged health or student information and you >>>are not entitled to access such information under FERPA or HIPAA, >>>federal regulations require that you destroy this email without >>>reviewing it and you may not forward it to anyone. >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 23:28:16 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: I will take a look at the archives. I think my settings on bayes and SpamAssassin are decent, as there really are only a couple users that are getting much of anything. Thanks, Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 4:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 umm maybe you should be thinking about bayes and spam assassin setting son your server. Most folks dont get many spams thorugh on a well tuned gateway. Then once you are sure you ahve done everything you can move onto catching and learning from the users? The outlook bit has been discussed many times in the archives. Jim Coates wrote: > The concern with using IMAP for us is that my company's employees > aren't centrally located (IE - we aren't all in the same office) and I > don't trust IMAP without being part of the VPN etc. > > I could make everyone log in to the VPN and then copy over to IMAP, > but it would cause their Outlook etc to give failure notices anytime > they weren't connected to the VPN (as the IMAP accounts would not be > able to be reached). > > We don't leave any copies of mail on the server itself once the user > pulls it down, so I can't have them log back in via webmail etc to > move it either. > > Hmmm... > > I'd like to hear what others are doing, as we have a couple users that > in spite of the MailScanner and SpamAssassin settings, they are still > getting a good deal of spam per day. > > Thanks, > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Thursday, March 03, 2005 4:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > YEah tghis is everyone's concern. Its been documented in the archives > that most people attempt to use either an IMAP script on the > mailscanner machine to pull the mail from the > exchange/groupwise/domino server to an mbox/maildir and then run > sa-learn on - as imap does a copy basically, rather than forwarding > and destroying the original headers. > > Or even better is have access on your mail system so everyone can COPY > into another mailbox and then run sa-learn on it. > > You could get bayes to ignore all the headers and just learn the > content? > > I am not sure what everyone does about checking through all the mail > to make sure the usrs ahvent put ham in the spa,m box etc > > > Jim Coates wrote: > >>I've toyed with the idea of creating a mailbox for SPAM and HAM that >>users can forward email into to be learned using a CRON job. >> >>However, I'm concerned that since they would be forwarding the email, >>the headers would be incorrect (different from the original). >> >>Is there a way around this as it seems ideal to simply let users >>forward email that they consider SPAM into some sort of account the be >>learned on a CRON basis by SpamAssassin? >> >>Jim Coates >>Laridian, Inc. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Peter Russell >>Sent: Thursday, March 03, 2005 3:20 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes 00 >> >> >>Then its really hard - unlress you archive a users or a lot of >>incoming mail for a while, OR setup a mailbox to spam and ham on your >>servers. Again, it will require a little planning and research. There >>is a guide in the maq on www.mailscanner.info and plebnty in the list >>archives. >> >>Let us know how you go. >> >> >>David Curtis wrote: >> >> >>>Thanks. >>>I am not sure how to sa-learn in this case. We are setup as a gateway >>>for an GroupWise server. >>> >>> >>> >>> >>>>>>martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>> >>>David >>> >>>you have to teach bayes when it's wrong. (see info in sa-learn) >>> >>>also having alot of the rules from www.rulesemporium.com/rules.htm >>> can help alot too. Drip feed >>>them in and see which ones help the most. >>> >>>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>>again these help alot. >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>David Curtis wrote: >>> >>>>Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>> >>>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>>followed the > MailScanner install doc. > >>> >>>> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >>>>David >>>> >>>>restore from an earlier version...?? You backup the thing, yes??? >>>> >>>>Anyway reminds us what extra rules you run like the SARE ones etc.. >> >>They >> >> >>>>may help. What version of SA and do you run the URI-RBL stuff? >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>David Curtis wrote: >>>> > I think my bayes is messed up. I have several dozen e-mails that >>>>I >>> >>>think >>> >>>> > are spam. The rule for bayes_00 is letting it through. > Here >>>>is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >>>>SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >>>>DCC_CHECK 2.17, DIGEST_MULTIPLE >> >>0.10, >> >> >>>> > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >>>> >>>>> MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK >> >>1.51, >> >> >>>> > RCVD_IN_NJABL_SPAM 1.84) >>>> > X-SBSD-MailScanner-SpamScore: 3 >>>> > >>>> > Any idea? >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > This email may contain information protected under the Family > >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>> >>>>>Portability and Accountability Act (HIPAA). If this email >>>> >>>>contains > confidential and/or privileged health or student >>>>information and you > are not entitled to access such information >>>>under FERPA or HIPAA, > federal regulations require that you >>>>destroy this email without > reviewing it and you may not forward >>>>it to anyone. > > ------------------------ MailScanner list >>>>------------------------ > To unsubscribe, email >>>>jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >>>>the body of the email. > Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and > the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> >>>>
>> >>>/>******************************************************************* >>>* >>>** >>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>>and
intended solely for the use of the individual or entity to >>>>whom >>> >>>they >>> >>>>
are addressed. If you have received this email in error please >>> >>>notify >>> >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>>clean.

>> >>>/>******************************************************************* >>>* >>>** >>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>>mailscanner' in the body of the email. Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>This email may contain information protected under the Family >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>>Portability and Accountability Act (HIPAA). If this email contains >>>>confidential and/or privileged health or student information and you >>>>are not entitled to access such information under FERPA or HIPAA, >>>>federal regulations require that you destroy this email without >>>>reviewing it and you may not forward it to anyone. >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>>mailscanner' in the body of the email. Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>
>>/>******************************************************************* >>>* >>>** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom they >>>
are addressed. If you have received this email in error please >> >>notify >> >> >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be >>>clean.

> >>/>******************************************************************** >>** >> >> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>>This email may contain information protected under the Family >>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>Portability and Accountability Act (HIPAA). If this email contains >>>confidential and/or privileged health or student information and you >>>are not entitled to access such information under FERPA or HIPAA, >>>federal regulations require that you destroy this email without >>>reviewing it and you may not forward it to anyone. >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 23:47:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Pete Russell wrote: > >>I would like to try and get it to handle Bitdefender. only need to >>modify ONE (or maybe 2) line of code from what i can see. >> >>The output and string values for Bitdefender. ANy idea whgat they might be? >> >># Scanner Strings >>my %Scanners = ( >> bitdefender => { >> Output => '/(.+) Found virus (.*)', >> String => '/(.+) Found virus (.*)\'}, >> sophos => { >> Output => '>>> Virus', >> String => '>>> Virus \'(.*)\''}, >> sophossavi => { >> Output => 'INFECTED::', >> String => 'INFECTED:: (.*)::'}, >> inoculan => { >> Output => 'was infected by virus', >> String => 'was infected by virus \[(.*)\]'}, >> clamav => { >> Output => 'FOUND', >> String => ':.* (.*) FOUND'}, >> command => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> "f-prot" => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> mcafee => { >> Output => 'Found the', > > > Maybe start with this; > bitdefender=> { > Output => '\/.*infected:', > String => '\/.*infected: (.*)' }, > > Might take some playing, but this is out of Vispan. I had to give credit > where credit is due! > As a matter of fact, try this one as I got it working today; I will have to send a diff to the writer -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] #!/usr/bin/perl -w # # vnames.pl [-v] Version 2.1.2 - 4/5/2004 # ---------------------------------------------------------------------------- # Print a report of all the e-mail viruses received today. # # Contributors v.2.x.x: # McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin@USherbrooke.ca) # H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang@antares.de) # McAfee virus|trojan fix - James Gray (james@grayonline.id.au) # BitDefender support - Scott Silva (ssilva@sgvwater.com) # Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh@partnersolutions.ca) # originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/). # Panda support - Pedro Rosa (Pedro.Rosa@SA.FC.UL.PT) # # Contributors v.1.x.x: # Sophos Support - Aaron Seelye (aseelye-lists@eltopia.com) # F-Prot Support - jburzenski (jburzenski@americanhm.com) # # Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact@csma.biz) # www.csma.biz # By postal mail: # McFadden Associates # PO Box 20665 # Lehigh Valley, PA 18002 # U.S.A. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Definable Vars $Scanner = "mcafee,clamav,bitdefender"; # comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot, # mcafee,mcafee_fr,fsecure,panda,antivir,bitdefender $HTML = "yes"; # yes|no (no=text only) $Sort = "count"; #count|name (count=ascending) $MailLogFile = "/var/log/maillog"; $SendMail = "/usr/sbin/sendmail"; $StatsFile = "/root/virus.log"; # Scanner Strings my %Scanners = ( sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', String => 'Found the (.*) (virus|trojan) !!!'}, mcafee_fr => { Output => 'contient le', String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!'}, fsecure => { Output => '.*Infection: (.*)', String => '.*Infection: (.*)'}, panda => { Output => 'Virus: (.*)', String => '.* => (.*)##'}, antivir => { Output => 'ALERT: (.*)', String => 'ALERT: \[(.*)\]'}, bitdefender => { Output => '\/.*infected:', String => '\/.*infected: (.*)'}, ); my %ScannerText = ( sophos => "Sophos SAV", sophossavi => "Sophos SAVI", inoculan => "Inoculan", clamav => "ClamAV", command => "Command", "f-prot" => "F-Prot", mcafee => "McAfee", mcafee_fr => "McAfee (with French messages)", fsecure => "FSecure", panda => "Panda Antivirus", antivir => "H+BEDV AntiVir", bitdefender =>"BitDefender Antivirus" ); # Internal Vars $EmailTo = $ARGV[0]; if ($EmailTo eq "") { print "\tUsage: vnames.pl [-v] \n"; exit 1; } if ($EmailTo eq "-v") { print "\n"; print "\tvnames.pl - MailScanner Virus Filter Report.\n"; print "\t Version 2.1.2, released 4/5/2004.\n"; print "\t http://web.csma.biz/apps/vnames.shtml\n\n"; print "\tScanners supported:\n"; foreach $in(sort(keys %ScannerText)) { printf "\t %-12s %-20s\n", $in, $ScannerText{$in}; } print "\n"; exit 0; } @UseScanners = split(/,/,$Scanner); $now_date = localtime(time); @TIM = split(/\ /,$now_date); # Check this $AnsiDate = ""; # # Program Main # &parse_date; open (SENDMAIL,"|$SendMail $EmailTo") or die "Cannot open $SendMail."; &print_header; foreach $in(@UseScanners) { &init_vars; &print_sectionheader($in); &check_log($in); &print_sortedresults; &print_sectionfooter; } &print_footer; close SENDMAIL; #&write_stats; # # Program Subroutines # sub init_vars { %Seen = (); @SortedList = (); @Names1 = (); $count = 0; } sub print_header { # Print e-mail header my $myhostname = (`hostname`); $myhostname =~ s/\n//g; print SENDMAIL "Reply-to: root\@$myhostname\n"; print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n"; print SENDMAIL "To: $EmailTo\n"; if ($HTML eq "yes") { print SENDMAIL "Content-type: text/html\;\n\n"; print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub print_sectionheader { # Start each scanner block # Current scanner name must be supplied my $currentscanner = $_[0]; if ($HTML eq "yes") { print SENDMAIL "

\n"; print SENDMAIL "Viruses found by MailScanner \&\; $ScannerText{$currentscanner} today:\n"; } else { print SENDMAIL "Viruses found by MailScanner \& $ScannerText{$currentscanner} today:\n"; } } sub print_sectionfooter { if ($HTML eq "yes") { print SENDMAIL "


"; } else { print SENDMAIL "\n\n"; } } sub check_log { # Current scanner name must be supplied my $currentscanner = $_[0]; my $ThisScanner = $Scanners{$currentscanner}; open (MAILLOG,$MailLogFile); while ($cline = ) { $cline =~ s/\n//g; if ($cline =~ "$TIM[1] $TIM[2]") { if ($cline =~ /$ThisScanner->{Output}/) { ($vname) = ($cline =~ /$ThisScanner->{String}/); $count = ($count + 1); $vname =~ s/\ //g; $vname =~ s/\n//g; push @Names1,"$vname"; } } } close MAILLOG; } sub print_sortedresults { # Take the resulting array, Names1, and sort with a count. my @UniqueList = (); foreach $in(@Names1) { push (@UniqueList,$in) unless ($Seen{$in}); $Seen{$in}++; } @SortedList = sort(@UniqueList); if ($HTML eq "yes") { # HTML output print SENDMAIL "\n"; if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { # print SENDMAIL "\n"; print SENDMAIL "\n"; } } else { # Sorted by name foreach $in(@SortedList) { print SENDMAIL "\n"; } } print SENDMAIL "
\ \ $in\ \  $Seen{$in}
\ \ $in$Seen{$in}
\ \ $in$Seen{$in}
\n"; } else { # Text output if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } else { # Sorted by name foreach $in(@SortedList) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } } if ($count eq 0) { print SENDMAIL "None.\n"; } else { print SENDMAIL "A total of $count viruses were found and filtered.\n"; } } sub print_footer { if ($HTML eq "yes") { print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub write_stats { # Write CSV Stats for Excel graphs and whatnot open (STAT, ">>$StatsFile"); foreach $in(@SortedList) { print STAT "$AnsiDate,$in,$Seen{$in}\n"; } close STAT; } sub parse_date { my $date=localtime(); my ($day, $month, $num, $time, $year) = split(/\s+/,$date); if ($month eq "Jan") { $month = "1"; } if ($month eq "Feb") { $month = "2"; } if ($month eq "Mar") { $month = "3"; } if ($month eq "Apr") { $month = "4"; } if ($month eq "May") { $month = "5"; } if ($month eq "Jun") { $month = "6"; } if ($month eq "Jul") { $month = "7"; } if ($month eq "Aug") { $month = "8"; } if ($month eq "Sep") { $month = "9"; } if ($month eq "Oct") { $month = "10"; } if ($month eq "Nov") { $month = "11"; } if ($month eq "Dec") { $month = "12"; } $month = int($month); $num = int($num); if ($month < 10) { $fmonth = "0$month"; } else { $fmonth = "$month"; }; if ($num < 10) { $fnum = "0$num"; } else { $fnum = "$num"; }; $AnsiDate = "$year-$fmonth-$fnum"; } exit 0; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 00:42:07 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have been pulling my hair out trying to force the razor to stop logging in my hold dir for postfix. MailScanner run ass the user postfix. I have the following set. 1. Output from sa --lint test Razor-Log: Computed razorhome from env: /var/www/.razor Razor-Log: Found razorhome: /var/www/.razor Razor-Log: read_file: 16 items read from /var/www/.razor/razor-agent.conf Mar 04 11:29:16.839322 check[22261]: [ 5] computed razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, ident=/var/www/.razor/identity everything else is successful. 2. [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ total 40 drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 server.folly.cloudmark.com.conf -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.catalogue.lst.lock -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.nomination.lst.lock -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 server.tension.cloudmark.com.conf 3. contents of raz-agent.conf debuglevel = 0 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination = servers.nomination.lst logfile = /dev/null logic_method = 4 min_cf = ac razorzone = razor2.cloudmark.com What else do i need to do to force this buggar of thing to stop logging to my postfix/hold dir? Thanks in advance for ANY tips Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Mar 4 01:26:55 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:49 2006 Subject: Unrar Patches Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I have attached the two patches needed to do the unrar handling. I have tested them with various rar files and forced time outs and everything seems fine. Hopefully I have them commented well enough for you to "get them" without wondering why this or that was done. They also include the code for handling the duplicate filename problem but that code is noted and commented out. I also took the liberty of moving that annoying "RAR Module failure" message into the info section of the parseclamavmodule section (since about every rar close to modern is going to cause it). There is a line (95) in the Message.pm.diff file that had me puzzled because it was in the patch I sent last year that allowed the reports to separate the problems in the report.txt. I noticed the items were still in languages.txt but I am not sure if you did something else with the code so if that shouldn't be there now please comment it out or remove it. There are also a couple of changes to the SafePipe sub, I noticed while running in debug that an error popped up regarding SIGALARM not being a valid parameter so I added "use POSIX qw(:signal_h);" just before the eval. I also open STDIN to /dev/null in the child before the exec. Leaving STDIN alone did cause problems in certain cases and might have something to do with the Solaris problem you noted, I can't test that. Last odd thing I noted, while running in debug mode, is a bunch of " uninitialized value" errors that revolved around the use of f-prot version checking, every instance of $tnefname = $message->{entity2file}{$message->{tnefentity}} and $top->head->mime_attr('content-disposition'). I fixed them while I was testing but removed the fixes before creating the diff files. I don't know if you noticed them or not but they occurred with every test message I sent that had an attachment. I doubt that they are causing any problems, just extra noise when you are debugging. Thanks Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 8KB. ] [ Unable to print this part. ] From eneal at dfi-intl.com Fri Mar 4 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: This can be controlled by setting the razor home in your sa config file. But this needs to coincide with the location you created your razor configs in. Run razor-admin --create with the switch that controlls its home then edit the razor confi file and your sa config file. I may not be giving the directions in the right order, but its all there. If you don't get it right, or if no one else responds before I get to my servers, then ill correct myself where needed. Errol -----Original Message----- From: Peter Russell Date: Fri, 4 Mar 2005 11:42:07 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Razor-agent.log - how? I have been pulling my hair out trying to force the razor to stop logging in my hold dir for postfix. MailScanner run ass the user postfix. I have the following set. 1. Output from sa --lint test Razor-Log: Computed razorhome from env: /var/www/.razor Razor-Log: Found razorhome: /var/www/.razor Razor-Log: read_file: 16 items read from /var/www/.razor/razor-agent.conf Mar 04 11:29:16.839322 check[22261]: [ 5] computed razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, ident=/var/www/.razor/identity everything else is successful. 2. [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ total 40 drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 server.folly.cloudmark.com.conf -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.catalogue.lst.lock -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.nomination.lst.lock -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 server.tension.cloudmark.com.conf 3. contents of raz-agent.conf debuglevel = 0 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination = servers.nomination.lst logfile = /dev/null logic_method = 4 min_cf = ac razorzone = razor2.cloudmark.com What else do i need to do to force this buggar of thing to stop logging to my postfix/hold dir? Thanks in advance for ANY tips Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 4 06:27:49 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:49 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > When i first build a mailscanner machine i make > /etc/mail/spamassassin/local.cf a symlink to > /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. > > Pete > As pointed out by someone sometime back, this MIGHT be a bad idea as SA will use both /etc/mail/spamassassin/local.cf & /etc/MailScanner/spam.assassin.prefs thereby using more resources.. I maybe wrong though. Can anyone clarify? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 08:12:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: ANNOUNCE: Knowledge-base about SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We have our SMGateway Knowledge base started. The site below will be our web based support homepage, but anyone who downloaded SMGateway will be able to use the KnowledgeBase. Please go to: http://support.fsl.com/cgi-bin/pdesk.cgi And select "Articles" on the left side of the page. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Fri Mar 4 09:13:03 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I want to inform my recipients about virus mail they are receiving. Hence I changed the configuration, Deliver Cleaned Message = to a ruleset In the rule set I am stating, To: expecting, that the recipient being my users deliver the warning mesg For all other users I don't want the warning mesg. But what happens now is, other users also, say @yahoo.com receiving the warning mesg. Can someone advice how can i achieve this? Regards Devi S. From MailScanner at ecs.soton.ac.uk Fri Mar 4 09:18:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need to say To: domain.com yes in your ruleset. You should also add a default rule FromOrTo: default no then "reload" or restart MailScanner. Devi Sambamoorthy wrote: > I want to inform my recipients about virus mail they are receiving. > > Hence I changed the configuration, > > Deliver Cleaned Message = to a ruleset > > In the rule set I am stating, > > To: > > expecting, that the recipient being my users deliver the warning mesg > For all other users I don't want the warning mesg. > > > But what happens now is, other users also, say @yahoo.com receiving > the warning mesg. > > Can someone advice how can i achieve this? > > Regards > Devi S. > > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 09:22:15 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Violaine Grimly > Sent: den 3 mars 2005 21:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: External virus scanners > > > --- John Wilcock a écrit : > > > > Or just scan it in MailScanner, then send it to > > their box clean to prove > > how good MS is! > > I'm going to take flak for it, but I love this idea > (Martin and Adri, thanks for the same kind of idea). A good strategy is always to be prepared (why do I feel like a boyscout, suddenly?-), and start out ... slow. Don't delete too much, just quarantine (store) etc. And look at implementing MailWatch (if feasible for your organization)... That was what brought my PHB over, especially the easy stats and convenient quarantine release ... Done right, you'll get no flak at all, just kudos;-) -- Glenn > > VG. > > > > > > > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de > stockage pour vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Fri Mar 4 09:23:02 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Zero epoch-date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since I've switched over to exim4 and Mailscanner, I'm getting one particular list mail that gets its date 'zeroed' (actually I think it's completely missing, but Thunderbird displays it as 1/1/70). Now this could well be an exim4 issue (when I was running Exim3 and no MailScanner, a date was appearing from 'somewhere'). Obviously, zeroed dates don't help with sorting mail, so can anyone suggest which step of the chain is causing the problem? (I'm suspecting it may be the message sender failing to provide a date, but, as noted, something must have been filling them in in the past). If it's not a Mailscanner issue, my apologies for raising it here. Headers are: From - Tue Mar 1 09:07:22 2005 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-path: Envelope-to: richard@phase.org Delivery-date: Tue, 01 Mar 2005 00:56:35 +0000 Received: from gate09.smwebhost.com ([62.189.242.169] helo=smgs-me-1.s3ms.com) by heifong.phase.org with smtp (Exim 4.44) id 1D5vge-0007P6-Av for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 From: TheUNIXJobBoard.com To: Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 X-PhaseOrg-MailScanner: Found to be clean X-PhaseOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=-90.908, required 6, CLICK_BELOW 1.52, CLICK_HERE_LINK 1.79, DATE_MISSING 0.25, HTML_40_50 0.47, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, MAILTO_LINK 0.04, MIME_BASE64_TEXT 1.10, MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10, RCVD_IN_ORBS 1.00, RCVD_IN_OSIRUSOFT_COM 2.00, USER_IN_WHITELIST -100.00) X-MailScanner-From: vacancies@theitjobboard.com Status: O X-UID: 52296 Content-Length: 23896 X-Keywords: And in the 'safety' archive: heifong:/var/spool/MailScanner/archive/20050301# cat 1D5vge-0007P6-Av-H 1D5vge-0007P6-Av-H root 0 0 1109638592 0 -helo_name smgs-me-1.s3ms.com -host_address 62.189.242.169.4156 -host_name gate09.smwebhost.com -interface_address 80.68.88.241.25 -received_protocol smtp -body_linecount 314 -deliver_firsttime XX 1 richard@phase.org 200P Received: from gate09.smwebhost.com ([62.189.242.169] helo=smgs-me-1.s3ms.com) by heifong.phase.org with smtp (Exim 4.44) id 1D5vge-0007P6-Av for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 058F From: TheUNIXJobBoard.com 028T To: 061 Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board 018 MIME-Version: 1.0 024 Content-Type: text/html 034 Content-Transfer-Encoding: base64 Many thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 4 09:35:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:49 2006 Subject: Zero epoch-date Message-ID: Hi the From - header is bust Looking at the -H file there's no Date: there either so Thunderbird is displaying the information correctly. An example of what should be in the header file from by 4.43 (must upgrade to 4.50) 038 Date: Fri, 04 Mar 2005 08:24:39 -0100 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Wechsler wrote: > Since I've switched over to exim4 and Mailscanner, I'm getting one > particular list mail that gets its date 'zeroed' (actually I think it's > completely missing, but Thunderbird displays it as 1/1/70). Now this > could well be an exim4 issue (when I was running Exim3 and no > MailScanner, a date was appearing from 'somewhere'). > > Obviously, zeroed dates don't help with sorting mail, so can anyone > suggest which step of the chain is causing the problem? > (I'm suspecting it may be the message sender failing to provide a date, > but, as noted, something must have been filling them in in the past). > > If it's not a Mailscanner issue, my apologies for raising it here. > > Headers are: > > From - Tue Mar 1 09:07:22 2005 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-path: > Envelope-to: richard@phase.org > Delivery-date: Tue, 01 Mar 2005 00:56:35 +0000 > Received: from gate09.smwebhost.com ([62.189.242.169] > helo=smgs-me-1.s3ms.com) > by heifong.phase.org with smtp (Exim 4.44) > id 1D5vge-0007P6-Av > for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 > From: TheUNIXJobBoard.com > To: > Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: base64 > X-PhaseOrg-MailScanner: Found to be clean > X-PhaseOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=-90.908, > required 6, CLICK_BELOW 1.52, CLICK_HERE_LINK 1.79, > DATE_MISSING 0.25, HTML_40_50 0.47, HTML_LINK_CLICK_HERE 0.10, > HTML_MESSAGE 0.00, MAILTO_LINK 0.04, MIME_BASE64_TEXT 1.10, > MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10, RCVD_IN_ORBS 1.00, > RCVD_IN_OSIRUSOFT_COM 2.00, USER_IN_WHITELIST -100.00) > X-MailScanner-From: vacancies@theitjobboard.com > Status: O > X-UID: 52296 > Content-Length: 23896 > X-Keywords: > > And in the 'safety' archive: > > heifong:/var/spool/MailScanner/archive/20050301# cat 1D5vge-0007P6-Av-H > 1D5vge-0007P6-Av-H > root 0 0 > > 1109638592 0 > -helo_name smgs-me-1.s3ms.com > -host_address 62.189.242.169.4156 > -host_name gate09.smwebhost.com > -interface_address 80.68.88.241.25 > -received_protocol smtp > -body_linecount 314 > -deliver_firsttime > XX > 1 > richard@phase.org > > 200P Received: from gate09.smwebhost.com ([62.189.242.169] > helo=smgs-me-1.s3ms.com) > by heifong.phase.org with smtp (Exim 4.44) > id 1D5vge-0007P6-Av > for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 > 058F From: TheUNIXJobBoard.com > 028T To: > 061 Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board > 018 MIME-Version: 1.0 > 024 Content-Type: text/html > 034 Content-Transfer-Encoding: base64 > > > Many thanks, > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 09:46:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 3 mars 2005 22:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Panda not working > > > Anyone managed to get panda working? > > I'm running MailScanner 4.38.9 on RH9 with the pavcl program > file dated 1 > July 03. I installed pavcl from rpm. > > pavcl is in /usr/bin and I have the pav.sig signature file in > /usr/lib/panda. The .sig file is dated today, so the > autoupdate is working. > > The /usr/lib/MailScanner/panda-wrapper file refers to > /bin/pavcl rather than > /usr/bin/pavcl so I guess there's one potential problem. > > The /etc/MailScanner/virus.scanners.conf file contains the line: > > panda /usr/lib/MailScanner/panda-wrapper /usr > > There's the following advice in virus.scanners.conf: > > # You can test a -wrapper script with a command like this: > # /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav /tmp > # That command will attempt to scan /tmp using F-Secure. If > it works you > # should see some sensible output. If it fails, you will > probably just see > # an error message such as "Command not found" or similar. > > I've tried the command: > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp Try /usr/lib/MailScanner/panda-wrapper /usr /tmp since the lines $pavcl = shift; $pavcl .= '/bin/pavcl'; would first set $pavcl to /usr, then concatenate /bin/pavcl onto that, making $pavcl (which is used further down) be /usr/bin/pavcl If that doesn't work, try it while standing in the /tmp directory. Looking at it, it seems like the wrapper ignores any path, but will preserve scanner options. -- Glenn > > Along with a whole load of permutations. I've tried changing > panda-wrapper > and virus.scanners.conf but all to no avail. I just get > "Virus: 0" as the > response, even though there's a valid eicar.com test file in > the directory > that's being scanned and the equivalent f-prot command works > fine. Running > pavcl direct from the command line detects the eicar file. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Fri Mar 4 09:47:23 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > As someone suggested, putting it on the wiki might be the best idea all > round. > I've modified the article a little and added some conditions of copying. Subject to these, feel free to use it as you will. (http://www.phase.org/journal/byjid/8550) Note that I'm unlikely to be able to wikify it myself, for a while at least. Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 10:03:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "windows-1251" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Seems like that is the home dir for your webserver, not postfix? Perhaps this is from MailWatch? No matter... Another way to solve this is to create the .razor directory in ~postfix and make it writeable to postfix, then run the discovery/setup as the postfix user ... If you run in a chroot jail, this might entail "su - postfix -s /bin/sh" and ... well discover away:-). At least how I solved it. My .02^Ès worth...:-) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Errol Uriel Neal Jr. > Sent: den 4 mars 2005 01:00 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Razor-agent.log - how? > > > This can be controlled by setting the razor home in your sa > config file. But this needs to coincide with the location you > created your razor configs in. > Run razor-admin --create with the switch that controlls its > home then edit the razor confi file and your sa config file. > I may not be giving the directions in the right order, but > its all there. If you don't get it right, or if no one else > responds before I get to my servers, then ill correct myself > where needed. > > Errol > -----Original Message----- > From: Peter Russell > Date: Fri, 4 Mar 2005 11:42:07 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Razor-agent.log - how? > > I have been pulling my hair out trying to force the razor to stop > logging in my hold dir for postfix. MailScanner run ass the > user postfix. > > > I have the following set. > > 1. > Output from sa --lint test > Razor-Log: Computed razorhome from env: /var/www/.razor > Razor-Log: Found razorhome: /var/www/.razor > Razor-Log: read_file: 16 items read from > /var/www/.razor/razor-agent.conf > Mar 04 11:29:16.839322 check[22261]: [ 5] computed > razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, > ident=/var/www/.razor/identity > > everything else is successful. > > 2. > [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ > total 40 > drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . > drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. > -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf > -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log > -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 > server.folly.cloudmark.com.conf > -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst > -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 > servers.catalogue.lst.lock > -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst > -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst > -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 > servers.nomination.lst.lock > -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 > server.tension.cloudmark.com.conf > > 3. > contents of raz-agent.conf > > debuglevel = 0 > identity = identity > ignorelist = 0 > listfile_catalogue = servers.catalogue.lst > listfile_discovery = servers.discovery.lst > listfile_nomination = servers.nomination.lst > logfile = /dev/null > logic_method = 4 > min_cf = ac > razorzone = razor2.cloudmark.com > > What else do i need to do to force this buggar of thing to > stop logging > to my postfix/hold dir? > > Thanks in advance for ANY tips > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > __________________________________________ > Errol Uriel Neal Jr. > Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 4 10:42:30 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "windows-1251" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Seems like that is the home dir for your webserver, not postfix? > Perhaps this is from MailWatch? > No matter... Another way to solve this is to create the .razor > directory in ~postfix and make it writeable to postfix, then > run the discovery/setup as the postfix user ... If you run in a > chroot jail, this might entail "su - postfix -s /bin/sh" and ... > well discover away:-). > At least how I solved it. My .02^Ès worth...:-) > > -- Glenn > Some more unsolicited advise RAZOR INSTALL (stolen conveniently from http://wiki.apache.org/spamassassin/RazorSiteWide) ================================================== Install Razor as per http://razor.sourceforge.net/docs/install.php upto step 4. Use the following commands to configure razor for SA, replace '/etc/mail/spamassassin/' with your preferred path: razor-admin -home=/etc/mail/spamassassin/.razor -create razor-admin -home=/etc/mail/spamassassin/.razor -discover razor-admin -home=/etc/mail/spamassassin/.razor -register If you have already done the above without the '-home' parameter then use the following step: mv ~/.razor /etc/mail/spamassassin/ Add to /etc/MailScanner/spam.assassin.prefs.conf, the following lines: razor_config /etc/mail/spamassassin/.razor/razor-agent.conf razor_timeout 10 Add to /etc/mail/spamassassin/.razor/razor-agent.conf the following line: razorhome = /etc/mail/spamassassin/.razor/ Use this in your crontab for razor discovery: minute hour * * * /usr/bin/razor-admin \ -conf=/etc/mail/spamassassin/.razor/razor-agent.conf -discover Ideally it should never complain about razor home or log again. Also use the following command for lint: /usr/bin/spamassassin -x -D \ -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2 more units of whatever currency, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Mar 4 11:36:34 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:49 2006 Subject: OT-INFO: sbl blocks big freemailer Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, just a info for all sbl (spamhaus) users: sbl actual blocks 217.72.192.242, its a relay host from web.de (biggest? german freemailer) http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21142 take a look to your spammails for blocked web.de mails, that sbl block is wrong have a nive weekend greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Mar 4 11:39:27 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the time to look at it right now, alas: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. t/Mail-ClamAV....dubious Test returned status 7 (wstat 1792, 0x700) Scalar found where operator expected at (eval 152) line 1, near "'int' $__val" (Missing operator before $__val?) DIED. FAILED tests 6-9, 11-13 Failed 7/13 tests, 46.15% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell > Sent: 03 March 2005 21:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > also note that the mail-CLamAV fails on RHEL4 too. Its the > last thing to get working, all of the other associated > products worked fine. > > > > Removing previously used /root/.cpan/build/Mail-ClamAV-0.14 > > CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.14.tar.gz > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV > -e1 0.14 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No > such file or directory. > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.14/blib/arch > /root/.cpan/build/Mail-ClamAV-0.14/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 > /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 2 > make: *** Waiting for unfinished jobs.... > cp ClamAV.pm blib/lib/Mail/ClamAV.pm > make: *** Waiting for unfinished jobs.... > /usr/bin/make -j3 -- NOT OK > Running make test > Can't test without successful make > Running make install > make had returned bad status, install seems impossible > > > Peter Bates wrote: > > Hello all... > > > > > >>MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> Try > removing the -R > >>option and add /usr/local/Sophos/lib to /etc/ld.so.conf then run > >>ldconfig. > > > > > > Worked first time! > > > > RHEL4 also has the interesting 'include /etc/ld.so.conf.d' > > so I could have just dropped in a file called 'sophos' in > there with > > the relevant path listed. > > > > Julian... you are the proverbial * ! > > > > (That's a star, and not some expletive). > > > > > > > > > -------------------------------------------------------------- > -------------------------------------> > > Peter Bates, Systems Support Officer, IT Services. > > London School of Hygiene & Tropical Medicine. > > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Fri Mar 4 11:47:00 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yeah I missed it. now it works. Thanks ----- Original Message ----- From: "Julian Field" To: Sent: Friday, March 04, 2005 2:48 PM Subject: Re: Inform Recipient About Virus Mail > You need to say > > To: domain.com yes > > in your ruleset. You should also add a default rule > > FromOrTo: default no > > then "reload" or restart MailScanner. > > Devi Sambamoorthy wrote: > > > I want to inform my recipients about virus mail they are receiving. > > > > Hence I changed the configuration, > > > > Deliver Cleaned Message = to a ruleset > > > > In the rule set I am stating, > > > > To: > > > > expecting, that the recipient being my users deliver the warning mesg > > For all other users I don't want the warning mesg. > > > > > > But what happens now is, other users also, say @yahoo.com receiving > > the warning mesg. > > > > Can someone advice how can i achieve this? > > > > Regards > > Devi S. > > > > > > > > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Fri Mar 4 11:49:37 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil napisa³(a): > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > Scalar found where operator expected at (eval 152) line 1, near "'int' > $__val" > (Missing operator before $__val?) > DIED. FAILED tests 6-9, 11-13 > Failed 7/13 tests, 46.15% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 > Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force I reported this to author. The answer is that it is *safe* to ignore that tests and install (works fine for me). However, author will release new version with fixed tests soon. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Fri Mar 4 11:53:12 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 4 Mar 2005 10:39 pm, Randal, Phil wrote: > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > Scalar found where operator expected at (eval 152) line 1, near "'int' > $__val" > (Missing operator before $__val?) > DIED. FAILED tests 6-9, 11-13 > Failed 7/13 tests, 46.15% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 > Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > Cheers, > > Phil Had EXACTLY the same problems on a Debian box yesterday. Decided to just force it and it works fine. I'm guessing the tests are borked somehow. Cheers, James -- "What's another word for Thesaurus?" -- Steven Wright ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Fri Mar 4 12:03:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Exactly how do you force it? Pete James Gray wrote: > On Fri, 4 Mar 2005 10:39 pm, Randal, Phil wrote: > >>Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the >>time to look at it right now, alas: >> >>Running make test >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) >>t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) >>t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) >>t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) >>t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) >>t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) >>t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) >>t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. >>t/Mail-ClamAV....dubious >> Test returned status 7 (wstat 1792, 0x700) >>Scalar found where operator expected at (eval 152) line 1, near "'int' >>$__val" >> (Missing operator before $__val?) >>DIED. FAILED tests 6-9, 11-13 >> Failed 7/13 tests, 46.15% okay >>Failed Test Stat Wstat Total Fail Failed List of Failed >>------------------------------------------------------------------------ >>------- >>t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 >>Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. >>make: *** [test_dynamic] Error 2 >> /usr/bin/make test -- NOT OK >>Running make install >> make test had returned bad status, won't install without force >> >>Cheers, >> >>Phil > > > Had EXACTLY the same problems on a Debian box yesterday. Decided to just > force it and it works fine. I'm guessing the tests are borked somehow. > > Cheers, > > James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Fri Mar 4 12:19:22 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 4 Mar 2005 11:03 pm, Pete Russell wrote: ** SNIPPED ** >> Had EXACTLY the same problems on a Debian box yesterday. Decided to >> just force it and it works fine. I'm guessing the tests are borked >> somehow. >> >> Cheers, >> >> James <<< top posting fixed >>> > Exactly how do you force it? > > Pete [Please don't top-post :) ] Inside the CPAN shell just do - force install Mail::ClamAV It's obvious once you've seen it :P I had to ask someone the first time too :) Cheers, James -- "Adopted kids are such a pain -- you have to teach them how to look like you ..." -- Gilda Radner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 4 12:28:16 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: I saw the same thing yesterday with Mail::ClamAV 0.14 on Solaris 9. No way would I install a perl module that can't pass its own tests. I had to revert to clamav instead of clamavmodule in MailScanner.conf as a result, due to my symlink issues posted yesterday. Jeff Earickson Colby College On Fri, 4 Mar 2005, [ISO-8859-2] Marcin Ro?ek wrote: > Date: Fri, 4 Mar 2005 12:49:37 +0100 > From: "[ISO-8859-2] Marcin Ro?ek" > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > Randal, Phil napisa?(a): >> Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the >> time to look at it right now, alas: >> >> Running make test >> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >> t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) >> t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) >> t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) >> t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) >> t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) >> t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) >> t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) >> t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. >> t/Mail-ClamAV....dubious >> Test returned status 7 (wstat 1792, 0x700) >> Scalar found where operator expected at (eval 152) line 1, near "'int' >> $__val" >> (Missing operator before $__val?) >> DIED. FAILED tests 6-9, 11-13 >> Failed 7/13 tests, 46.15% okay >> Failed Test Stat Wstat Total Fail Failed List of Failed >> ------------------------------------------------------------------------ >> ------- >> t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 >> Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. >> make: *** [test_dynamic] Error 2 >> /usr/bin/make test -- NOT OK >> Running make install >> make test had returned bad status, won't install without force > I reported this to author. The answer is that it is *safe* to ignore that > tests and install (works fine for me). However, author will release new > version with fixed tests soon. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Mar 4 13:17:35 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jeff A. Earickson > Sent: Friday, March 04, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > > I saw the same thing yesterday with Mail::ClamAV 0.14 on Solaris 9. > No way would I install a perl module that can't pass its own tests. > I had to revert to clamav instead of clamavmodule in MailScanner.conf > as a result, due to my symlink issues posted yesterday. > > Jeff Earickson > Colby College > [...] If you look at the test file he has forgotten to add CL_SCAN_ARCHIVE() to his scan requests so it's not unpacking anything, and the scanbuff function is depreciated and the clamav authors have asked that no one use it anymore, and will remove it entirely in release 0.90. I modified the test file to include the CL_SCAN_ARCHIVE(), and everything except the scanbuff tests return ok (and they are not used in MS anyway), and just to make sure I turned on verbose tests and everything was as it should be. I forced it because it works when it is called correctly (as it is in MailScanner). Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Fri Mar 4 14:09:06 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: Richard, Nice write-up. One thing though - I don't think you need to enable or restart spamassassin. MailScanner does not use spamd. It uses the perl libraries directly. So leaving spamassassin's ENABLED=0 is probably what you want. Jase Wechsler wrote: > I've modified the article a little and added some conditions of > copying. Subject to these, feel free to use it as you will. > (http://www.phase.org/journal/byjid/8550) > > Note that I'm unlikely to be able to wikify it myself, for a while at > least. > > Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Fri Mar 4 15:09:44 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... I was interested in following this (as I started the thread, and am now moving onto Clamav+module after doing Sophos on RHEL 4...) I don't seem to have any errors? # make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....ok All tests successful. Files=1, Tests=13, 0 wallclock secs ( 0.51 cusr + 0.10 csys = 0.61 CPU) I installed Clamav 0.83 (rebuilt from Oliver Falk's RPM packages), then Parse::RecDescent(1.94) and Inline(0.44), rebuilding from the SRPMs in Julian's 'install-Clam-SA' package. Doing the usual 'perl Makefile.PL; make; make test' worked fine, which makes me wonder what I have, and what others are missing... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Fri Mar 4 15:32:25 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Whoops... answering my own question :( >Doing the usual 'perl Makefile.PL; make; make test' worked fine, which >makes me wonder what I have, and what others are missing... I've just realized, while trying to build an RPM of Mail-ClamAV-0.14, that 'make test' seems to work fine for me in the actual build directory, but fails when I'm building the RPM, and also clearly works for people trying to install via CPAN. It seems maybe like some bad paths somewhere or other... so either try installing/building out of CPAN or wait for Mr Beck's new version! :) ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Fri Mar 4 16:43:44 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:28:49 2006 Subject: Why am I seeing these errors in /var/log/maillog Message-ID: Cannot open ruleset file /usr/local/etc/MailScanner/rules = no, No such file or directory FreeBSD 5.3 MS 4.38.10 The default install puts this into that directory spam.whitelist.rules ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.jones at USG.EDU Fri Mar 4 17:00:34 2005 From: bob.jones at USG.EDU (Bob Jones) Date: Thu Jan 12 21:28:49 2006 Subject: Entity.pm error message when debugging mailscanner & spamassassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey all, I've just recently implemented spamassassin with MailScanner and when running both in debug mode I get the following error message: Can't call method "print" on an undefined value at /usr/perl5/site_perl/5.6.1/MIME/Entity.pm line 1803. I'm running version 4.39.5 on Solaris 9 with SA 3.0.2. It doesn't seem to be causing any problems, I'd just like to make the message go away. Any ideas? Thanks, Bob Jones bob.jones@usg.edu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 17:06:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Entity.pm error message when debugging mailscanner & spamassassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Download 4.39.6 and you should the problem is fixed. No new config file changes or anything like that, just this bug fixed. Bob Jones wrote: > Hey all, > > I've just recently implemented spamassassin with MailScanner > and when > running both in debug mode I get the following error message: > > Can't call method "print" on an undefined value at > /usr/perl5/site_perl/5.6.1/MIME/Entity.pm line 1803. > > I'm running version 4.39.5 on Solaris 9 with SA 3.0.2. It doesn't seem > to be causing any problems, I'd just like to make the message go away. > > Any ideas? > > Thanks, > Bob Jones > bob.jones@usg.edu > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Mar 4 17:08:20 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:50 2006 Subject: OT-INFO: sbl blocks big freemailer - delisted? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] At 06:36 AM 3/4/2005, Dörfler Andreas wrote: >http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21142 >take a look to your spammails for blocked >web.de mails, that sbl block is wrong Apparently they noticed and fixed it... "The reference SBL21142 is not in the SBL database. This may be because the issue has been resolved and removed from the SBL. " and doing an IP lookup on the website: "217.72.192.242 is not listed in the SBL 217.72.192.242 is not listed in the XBL" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Fri Mar 4 17:08:10 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:50 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Fri, 4 Mar 2005, Randal, Phil wrote: > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > [...] We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has found that this seems to be an error within its tests (i.e. Mail::ClamAV itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he gave me, I derived the following patch. All the hard work was done by Rick, not me. So any credit should go to him. I intend to report this to the author of Mail::ClamAV. But could folk here (MailScanner community) who have encountered the problem quickly check that the patch fixes it? If building from CPAN, probably something like: cd .cpan/build/Mail-ClamAV-0.14 make test ### should fail as above make test ### should succeed The main purpose of the patch is to add the "|CL_SCAN_ARCHIVE()". There is a separate aspect: the reduction from 13 tests to 11, because of removing the "scanbuff" tests near the end, as "scanbuff" is apparently now deprecated . ====================== snip ===================== --- t/Mail-ClamAV.t.orig 2005-02-25 19:00:15.000000000 +0000 +++ t/Mail-ClamAV.t 2005-03-04 16:06:36.293652780 +0000 @@ -4,7 +4,7 @@ ######################### -use Test::More tests => 13; +use Test::More tests => 11; use strict; BEGIN { use_ok('Mail::ClamAV') }; @@ -78,26 +78,20 @@ ok(($c->maxfilesize == (1024 * 1028 * 20)), 'Set/Get maxfilesize'); my $f = "t/virus.eml"; -my $status = $c->scan($f, CL_SCAN_MAIL()); +my $status = $c->scan($f, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan File'); open my $fh, "<", $f; -ok($c->scan($fh, CL_SCAN_MAIL())->virus, 'Scan FileHandle'); +ok($c->scan($fh, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE())->virus, 'Scan FileHandle'); -$status = $c->scan($f, CL_SCAN_MAIL()); +$status = $c->scan($f, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan File overload'); seek $fh, 0, 0; -$status = $c->scan($fh, CL_SCAN_MAIL()); +$status = $c->scan($fh, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan FileHandle overload'); -eval { $status = $c->scan($f.substr($0, 0, 0), CL_SCAN_MAIL()) }; +eval { $status = $c->scan($f.substr($0, 0, 0), +CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()) }; ok($@ and $@ =~ /tainted/, 'Scan tainted croaks'); - -open $fh, "<", "t/eicarcom2.zip"; -my $msg = do { local $/; <$fh> }; -$msg = $1 if $msg =~ /(.*)/s; -$status = $c->scanbuff($msg); -ok("$status" eq "Eicar-Test-Signature", 'Scan Buffer'); -ok($status->virus == 1, "Scan Buffer virus status"); ok((0 + $status) == 1, "Overload status"); ====================== snip ===================== -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Mar 4 17:08:03 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: Hi there and sorry for the late answer.. On Thu, 24 Feb 2005, Kai Schaetzl wrote: > Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: > > > use the > > access-file with makemap to create the access.db? > > > > makemap is what gets used for creating access.db. If you want to run it > yourself, just do. > guess you got me wrong here ;) The Script IPBlock written by Julian and usable as extra script just adds the ips, which should be blocked, into the access.db-file. Means, there is no way to see the blocked ips within the access-file. So my question was really, if the script could be changed, to insert the blocked ips into the access-file, and then use makemap to generate the access.db itself. So every admin could check the access-file itself, delete the ip if needed, generate the new access.db with makemap and so those ips which are blocked, could be unblocked the easy way.. =) Currently the admin only gets the chance to see which ips are blocked, as he (or shee) is looking into the mail-og and searches for the String blocked by Mailscanner. I hope someone could make sense out of my sentences.. ;) Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 17:19:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there and sorry for the late answer.. > >On Thu, 24 Feb 2005, Kai Schaetzl wrote: > > > >>Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: >> >> >> >>>use the >>>access-file with makemap to create the access.db? >>> >>> >>> >>makemap is what gets used for creating access.db. If you want to run it >>yourself, just do. >> >> >> >guess you got me wrong here ;) > >The Script IPBlock written by Julian and usable as extra script just adds >the ips, which should be blocked, into the access.db-file. >Means, there is no way to see the blocked ips within the access-file. > > Yes there is. makemap -u hash access >So my question was really, if the script could be changed, to insert the >blocked ips into the access-file, and then use makemap to generate the >access.db itself. > >So every admin could check the access-file itself, delete the ip if >needed, generate the new access.db with makemap and so those ips which are >blocked, could be unblocked the easy way.. =) > >Currently the admin only gets the chance to see which ips are blocked, as >he (or shee) is looking into the mail-og and searches for the String >blocked by Mailscanner. > > The reason I wrote it the way I did is because you need to be able to (once an hour) remove all the IP addresses that were added by MailScanner, but leave all the entries that you put in the access map by hand. The easiest way to do that is to leave the text version alone, and add temporary IPs to the db file. Then hourly you simply rebuild the db file from the text file. If you can come up with a better system for doing this easily and efficiently (or better than mine) then please suggest it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Fri Mar 4 17:26:37 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: At 12:31 PM 2/24/2005, you wrote: >Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: > > > use the > > access-file with makemap to create the access.db? > > > >makemap is what gets used for creating access.db. If you want to run it >yourself, just do. > >Kai I just caught the tail-end of this conversation and was curious about the script. I had not heard of it. Where is it? I would like to investigate using it. Thank You! Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Fri Mar 4 17:39:08 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: If I want the mcafee autoupdate script to pull extra.dat, do I need to run it separately with the -e switch rather than via update_virus_scanners.cron? MailScanner-4.37.7 uvscan engine v4.3.20 -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Mar 4 17:46:08 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: Hi there, > > I just caught the tail-end of this conversation and was curious about the > script. I had not heard of it. Where is it? I would like to investigate > using it. > check ouz: /usr/lib/MailScanner/MailScanner and there the File: CustomConfig.pm search for IPBlock. Remember, if you like to use this function not to forget the ipclean-script as cronjob which could be found at the end of this file.. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:12:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: The -e option to mcafee-autoupdate seem to be ... non-functional, you'll prolly need get it manually (we usually only implement extra.dats we receive from them in response to submissions... unless there's something really critical that the other scanners don't find). The logic behind them seem to be to fix (temporarily) problems while preparing the next set of DATs... And with McAfee going to daily updates I'm guessing the need for automated getting of extra.dat (aside from what is already there ... mcafee-autoupdate does look for it in the tar-file) will be less... But using extra.dat files... Just plop the extra.dat into /usr/loca/uvscan/datfiles/current directory to use it. The next update (via update_virus_scanners) will "move on", so no "extra" worries:-). (BTW, You should update your engine to 4400:) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Dantan Rzewnicki > Sent: den 4 mars 2005 18:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: mcafee extra.dat > > > If I want the mcafee autoupdate script to pull extra.dat, do I need to > run it separately with the -e switch rather than via > update_virus_scanners.cron? > > MailScanner-4.37.7 > uvscan engine v4.3.20 > -- > Eric Dantan Rzewnicki | Systems Administrator > Technical Operations Division | Radio Free Asia > 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 > CONFIDENTIAL COMMUNICATION > This e-mail message is intended only for the use of the addressee and > may contain information that is privileged and confidential. Any > unauthorized dissemination, distribution, or copying is strictly > prohibited. If you receive this transmission in error, please contact > network@rfa.org. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at PERGAMENTUM.COM Fri Mar 4 18:29:38 2005 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:28:50 2006 Subject: [Slightly OT] Phishing detection Message-ID: A quick question for people. The IT depeartment of the univesrity I used to work out just sent out a note about its virus scanner Macafee detecting a phishing attack. I use Clamav and F-Prot onmy mail gateways and see plenty of detections of phshing attacks from clamav, but none from fprot. If you use a different virus scanner can you let me know if it detects phishing attacks. Feel free to email me personally and I'll summarize to the list. Thanks Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-303-981-9838 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 18:30:33 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:41:10 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: [Slightly OT] Phishing detection Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alisdair Davey > Sent: den 4 mars 2005 19:30 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [Slightly OT] Phishing detection > > > A quick question for people. The IT depeartment of the > univesrity I used to > work out just sent out a note about its virus scanner Macafee > detecting a > phishing attack. I use Clamav and F-Prot onmy mail gateways > and see plenty > of detections of phshing attacks from clamav, but none from > fprot. If you > use a different virus scanner can you let me know if it > detects phishing > attacks. Feel free to email me personally and I'll summarize > to the list. I use mcafee, clamav and bitdefender. Both mcafee and clamav detect phishing, with clamav being the one catching the most. Bitdefender does not do phishing, so... fprot isn't alone in this... and not entirely wrong either. Phishing is after all not really a virus type of thing. But having the click-happy users I do, I do appreciate that both clam and mcafee do detect/remove most:-). I've never seen a phish that clamav missed but mcafee caught. And if one wants to eb sure any phishing is real obvious, why not use MS phishing net? -- Glenn > Thanks > Alisdair > > -- > Dr Alisdair Davey ard@pergamentum.com > Pergamentum Solutions Tel: 1-303-981-9838 > 2066 Dailey Lane > Superior, CO 80027 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:42:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Try it at jotti.org and see what other scanners think. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis Sent: den 4 mars 2005 19:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus being missed. (assumed) I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 19:02:03 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I guess it is time to look at using BitDefender. Someone want to point me to some help docs to get it setup with mailscanner and clamav?? Thanks for the info. It did find it: Service load: | 0% 100% File: 54543.rar Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Packers detected: None AntiVir No viruses found (0.47 seconds taken) Avast No viruses found (1.50 seconds taken) AVG Antivirus No viruses found (0.48 seconds taken) BitDefender Win32.Bagle.BG@mm (0.51 seconds taken) ClamAV No viruses found (0.59 seconds taken) Dr.Web Win32.HLLM.Beagle.34304 (0.89 seconds taken) F-Prot Antivirus No viruses found (0.22 seconds taken) Fortinet W32/Bagle.BL-mm (0.41 seconds taken) Kaspersky Anti-Virus Email-Worm.Win32.Bagle.pac (0.99 seconds taken) mks_vir Worm.Beagle.AV (0.25 seconds taken) NOD32 Win32/Bagle.BA (0.50 seconds taken) Norman Virus Control No viruses found (0.19 seconds taken) Statistics Last piece of malware found was Win32/Bagle.BA in Entire_Message.eml, detected by: Scanner Malware name Time taken AntiVir X 0.48 seconds Avast X 1.53 seconds AVG Antivirus X 0.45 seconds BitDefender Win32.Bagle.BG@mm 0.68 seconds ClamAV X 1.80 seconds Dr.Web Win32.HLLM.Beagle.34304 0.91 seconds F-Prot Antivirus X 0.23 seconds Fortinet W32/Bagle.BL-mm 0.41 seconds Kaspersky Anti-Virus Email-Worm.Win32.Bagle.pac 1.01 seconds mks_vir Worm.Beagle.AV 0.26 seconds NOD32 Win32/Bagle.BA 0.50 seconds Norman Virus Control X 0.21 seconds >>> Glenn.Steen@AP1.SE 03/04 1:42 PM >>> Try it at jotti.org and see what other scanners think. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis Sent: den 4 mars 2005 19:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus being missed. (assumed) I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Mar 4 19:33:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: At 01:30 PM 3/4/2005, David Curtis wrote: >I think I have a virus that is being missed by mailscanner/clamav. >Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, >SpamAssassin (score=7.065, required 3.75, > BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, > HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, > MSGID_SPAM_LETTERS 2.71) > >The attachment has a rar file seams to be a randomly generated number with >a file dddd.exe in it. Do you have the external unrar utility installed? (note: the latest version of rar costs, but there is a freeware command-line unrar for *nix) See: http://www.rarlab.com/rar_add.htm ClamAV's built-in rar support doesn't support the newer rar3 format, so you need to install the external unrar utility and then edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. You can use this site to send a rared eicar file.. It wasn't caught by clamav until I added external unrar support. http://www.info-techs.com/eicar.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Mar 4 19:45:31 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:50 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >> When i first build a mailscanner machine i make >> /etc/mail/spamassassin/local.cf a symlink to >> /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. > > As pointed out by someone sometime back, this MIGHT be a bad idea as SA > will use both /etc/mail/spamassassin/local.cf & > /etc/MailScanner/spam.assassin.prefs thereby using more resources.. I > maybe wrong though. > > Can anyone clarify? It will parse them twice since it's looking for both and gets the same file but that's nothing to worry about. It only reads those files every time a MailScanner child is restarted which by default is every four hours. If it takes an extra millisecond to parse I don't care because it saves me a lot more time and trouble every time I want to use spamassassin and sa-learn from the command line. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 19:51:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? Take the RPM and alter the MS config.... not that hard ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 19:48:38 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > The attachment has a rar file seams to be a randomly generated number > with a file dddd.exe in it. > > Just an fyi. Thats for sure another Bagle, we allready submitted it to several vendors, some allready pick it up. Please test your file at virustotal.com The rar has made up numbers and inside there is dddd.exe, same pattern we noticed. Thanks for the heads up however. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:07:15 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I piped it through an online scanner and it caught it. Clam does not catch it yet. >>> mkettler@EVI-INC.COM 03/04 2:33 PM >>> At 01:30 PM 3/4/2005, David Curtis wrote: >I think I have a virus that is being missed by mailscanner/clamav. >Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, >SpamAssassin (score=7.065, required 3.75, > BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, > HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, > MSGID_SPAM_LETTERS 2.71) > >The attachment has a rar file seams to be a randomly generated number with >a file dddd.exe in it. Do you have the external unrar utility installed? (note: the latest version of rar costs, but there is a freeware command-line unrar for *nix) See: http://www.rarlab.com/rar_add.htm ClamAV's built-in rar support doesn't support the newer rar3 format, so you need to install the external unrar utility and then edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. You can use this site to send a rared eicar file.. It wasn't caught by clamav until I added external unrar support. http://www.info-techs.com/eicar.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:10:51 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What file? I downloaded and installed BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: core initialization failed: Libfn initialization failed I did an online chat with BitDefender but no Linux admins were available to help...sorry try back later... >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> Hi! > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? Take the RPM and alter the MS config.... not that hard ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:16:11 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run > any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > > I did an online chat with BitDefender but no Linux admins were > available to help...sorry try back later... > Take the RPM and alter the MS config.... not that hard ;) What about letting MailScanner update it? /usr/lib/MailScanner/bitdefender-autoupdate Finds them just fine: vmx02/current:Mar 4 21:05:49 vmx02 MailScanner[15570]: /var/spool/MailScanner/incoming/15570/./1D7J2h-00043J-ME/345556.rar=>dddd.exe infected: Win32.Bagle.BG@mm vmx02/current:Mar 4 21:07:04 vmx02 MailScanner[15532]: /var/spool/MailScanner/incoming/15532/./1D7J4V-00048r-9A/075466.rar=>dddd.exe infected: Win32.Bagle.BG@mm Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:19:38 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Same type of error /usr/lib/MailScanner/bitdefender-autoupdate BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll >>> raymond@PROLOCATION.NET 03/04 3:16 PM >>> Hi! > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run > any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > > I did an online chat with BitDefender but no Linux admins were > available to help...sorry try back later... > Take the RPM and alter the MS config.... not that hard ;) What about letting MailScanner update it? /usr/lib/MailScanner/bitdefender-autoupdate Finds them just fine: vmx02/current:Mar 4 21:05:49 vmx02 MailScanner[15570]: /var/spool/MailScanner/incoming/15570/./1D7J2h-00043J-ME/345556.rar=>dddd.exe infected: Win32.Bagle.BG@mm vmx02/current:Mar 4 21:07:04 vmx02 MailScanner[15532]: /var/spool/MailScanner/incoming/15532/./1D7J4V-00048r-9A/075466.rar=>dddd.exe infected: Win32.Bagle.BG@mm Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 4 20:20:57 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:50 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 04 March 2005 09:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > I've tried the command: > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > Try > /usr/lib/MailScanner/panda-wrapper /usr /tmp > since the lines > $pavcl = shift; > $pavcl .= '/bin/pavcl'; > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > If that doesn't work, try it while standing in the /tmp directory. > Looking at it, it seems like the wrapper ignores any path, but > will preserve scanner options. Thanks, Glenn, but I still get "Virus: 0" whether I run the panda-wrapper command from /tmp or not. Anyone have any other ideas? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:23:40 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll >> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >> (build 2490) (i386) (Dec 10 2003 16:11:35) >> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. You could try with the other one thats on their site, the 2.x gcc one? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:28:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will give that a try...thanks. >>> raymond@PROLOCATION.NET 03/04 3:23 PM >>> Hi! > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll >> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >> (build 2490) (i386) (Dec 10 2003 16:11:35) >> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. You could try with the other one thats on their site, the 2.x gcc one? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:30:23 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > I will give that a try...thanks. >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > You could try with the other one thats on their site, the 2.x gcc one? Or manually forec a clamav update, it seems its added there also now: ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Fri Mar 4 20:31:13 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: On Fri, Mar 04, 2005 at 07:12:18PM +0100, Steen, Glenn wrote: > The -e option to mcafee-autoupdate seem to be ... non-functional, That's what I thought from reading the script, but thought I must've been missing something. > you'll prolly need get it manually (we usually only implement > extra.dats we receive from them in response to submissions... unless > there's something really critical that the other scanners don't find). Ok. That's what happened here today. > The logic behind them seem to be to fix (temporarily) problems while > preparing the next set of DATs... And with McAfee going to daily updates > I'm guessing the need for automated getting of extra.dat (aside from > what is already there ... mcafee-autoupdate does look for it in the > tar-file) will be less... Ok. > But using extra.dat files... Just plop the extra.dat into > /usr/loca/uvscan/datfiles/current directory to use it. The next update > (via update_virus_scanners) will "move on", so no "extra" worries:-). Yup. I had that bit figured out. > (BTW, You should update your engine to 4400:) Ah. didn't know there had been a new engine released. Thanks. > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Dantan Rzewnicki > > Sent: den 4 mars 2005 18:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: mcafee extra.dat > > > > > > If I want the mcafee autoupdate script to pull extra.dat, do I need to > > run it separately with the -e switch rather than via > > update_virus_scanners.cron? > > > > MailScanner-4.37.7 > > uvscan engine v4.3.20 -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:38:38 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have been impressed with clam but I am now hoping to run both. >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> Hi! > I will give that a try...thanks. >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > You could try with the other one thats on their site, the 2.x gcc one? Or manually forec a clamav update, it seems its added there also now: ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 21:58:46 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On redhat4 or fc3 you need to the compat-libstc++ lib installed to get bitdefender working. http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html David Curtis wrote: > I have been impressed with clam but I am now hoping to run both. > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > Hi! > > > I will give that a try...thanks. > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > You could try with the other one thats on their site, the 2.x gcc one? > > Or manually forec a clamav update, it seems its added there also now: > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 21:58:17 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I had been instructed to do that off list. I will. >>> pete@ENITECH.COM.AU 03/04 4:55 PM >>> Install compat libstdc++5 David Curtis wrote: > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm >. > when I run any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > I did an online chat with BitDefender but no Linux admins were available > to help...sorry try back later... > > >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> > Hi! > > > I guess it is time to look at using BitDefender. Someone want to point > > me to some help docs to get it setup with mailscanner and clamav?? > > Take the RPM and alter the MS config.... not that hard ;) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 21:55:13 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Install compat libstdc++5 David Curtis wrote: > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm > . > when I run any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > I did an online chat with BitDefender but no Linux admins were available > to help...sorry try back later... > > >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> > Hi! > > > I guess it is time to look at using BitDefender. Someone want to point > > me to some help docs to get it setup with mailscanner and clamav?? > > Take the RPM and alter the MS config.... not that hard ;) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Mar 4 23:31:55 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Thanks to all. I installed the compat-libstc++nd it works now. Now the big question. What do I need to do to get mailscanner to use both bitdefender and clam and update both??? Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> On redhat4 or fc3 you need to the compat-libstc++ lib installed to get bitdefender working. http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html David Curtis wrote: > I have been impressed with clam but I am now hoping to run both. > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > Hi! > > > I will give that a try...thanks. > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > You could try with the other one thats on their site, the 2.x gcc one? > > Or manually forec a clamav update, it seems its added there also now: > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 00:03:38 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will need to read MailScanner.conf David Curtis wrote: > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html > > > > > David Curtis wrote: > >>I have been impressed with clam but I am now hoping to run both. >> >> >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> >>Hi! >> >> > I will give that a try...thanks. >> >> >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > > v7.0 > >> >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >> >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> > >> > You could try with the other one thats on their site, the 2.x gcc > > one? > >>Or manually forec a clamav update, it seems its added there also now: >> >>ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > > ./1D7JOx-0001hp-HY/345556.rar > >>Bye, >>Raymond. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 00:05:12 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (oops) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will need to read MailScanner.conf - it has clear instructions for adding all of your virus scanners. No need to do anything about updating them, MailScanner takes care of this for you. David Curtis wrote: > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html > > > > > David Curtis wrote: > >>I have been impressed with clam but I am now hoping to run both. >> >> >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> >>Hi! >> >> > I will give that a try...thanks. >> >> >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > > v7.0 > >> >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >> >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> > >> > You could try with the other one thats on their site, the 2.x gcc > > one? > >>Or manually forec a clamav update, it seems its added there also now: >> >>ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > > ./1D7JOx-0001hp-HY/345556.rar > >>Bye, >>Raymond. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Mar 5 00:14:49 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Curtis > Sent: Friday, March 04, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus being missed. (assumed) > > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > Couldn't be easier, in MailScanner.conf: Virus Scanners = clamav bitdefender Or better, if you've installed the perl Module Mail::ClamAV Virus Scanners = clamavmodule bitdefender As soon as you installed BitDefender, MailScanner found it and started updating it. Julian (correctly) believes that if a Virus Scanner is installed, it should be updated so that if and when you decide to use it, the definition files will be up to date :) Hope this helps, Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_inst > all_on_Fedora_Core_3.html > > > > > David Curtis wrote: > > I have been impressed with clam but I am now hoping to run both. > > > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > > Hi! > > > > > I will give that a try...thanks. > > > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 > > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > > > You could try with the other one thats on their site, the 2.x gcc > one? > > > > Or manually forec a clamav update, it seems its added there also now: > > > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > ./1D7JOx-0001hp-HY/345556.rar > > > > Bye, > > Raymond. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Sat Mar 5 03:07:02 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: It does help. And thanks to all. This list is very informative and has great quick responce. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> steve.swaney@FSL.COM 03/04/05 7:14 PM >>> Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Curtis > Sent: Friday, March 04, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus being missed. (assumed) > > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > Couldn't be easier, in MailScanner.conf: Virus Scanners = clamav bitdefender Or better, if you've installed the perl Module Mail::ClamAV Virus Scanners = clamavmodule bitdefender As soon as you installed BitDefender, MailScanner found it and started updating it. Julian (correctly) believes that if a Virus Scanner is installed, it should be updated so that if and when you decide to use it, the definition files will be up to date :) Hope this helps, Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_inst > all_on_Fedora_Core_3.html > > > > > David Curtis wrote: > > I have been impressed with clam but I am now hoping to run both. > > > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > > Hi! > > > > > I will give that a try...thanks. > > > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 > > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > > > You could try with the other one thats on their site, the 2.x gcc > one? > > > > Or manually forec a clamav update, it seems its added there also now: > > > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > ./1D7JOx-0001hp-HY/345556.rar > > > > Bye, > > Raymond. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 03:53:56 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi i have postfix machines here and i have installed and config them the sam eway i always have. But for some reason all messages to root are sent to root@thehostname.thedomainname instead of just root Then instead of mail just goiing to the root account it ends getting stuck in a routing loop. Because i have no local mail delivery and use transport maps to route mail to another machine for the thedomainname. How do i force all system logging to just go to root, instead of root@thehostname.thedomainname Thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 5 09:12:35 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Hi i have postfix machines here and i have installed and config them the > sam eway i always have. But for some reason all messages to root are > sent to > root@thehostname.thedomainname > instead of just > root > > Then instead of mail just goiing to the root account it ends getting > stuck in a routing loop. Because i have no local mail delivery and use > transport maps to route mail to another machine for the thedomainname. > > How do i force all system logging to just go to root, instead of > root@thehostname.thedomainname Pete Couple of places to check, first your aliases file. Where are you aliasing root to? Secondly, check you main.cf under Sending mail have you set that all main from this host should be sent from $myhostname or $mydomain? HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 09:42:13 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] NOthing specified in Sending sectionof main.cf Root wasnt aliased at all, just let root mail fill up. I have tried to create root: root@localhost but it doesnt help. I think this is because that once it is sent as root@thehostname,thedomain name it is routed as though it its anything@thedomainname its no longer relevnat that its root? Its starting to drive me nuts. Drew Marshall wrote: > Pete Russell wrote: > >> Hi i have postfix machines here and i have installed and config them the >> sam eway i always have. But for some reason all messages to root are >> sent to >> root@thehostname.thedomainname >> instead of just >> root >> >> Then instead of mail just goiing to the root account it ends getting >> stuck in a routing loop. Because i have no local mail delivery and use >> transport maps to route mail to another machine for the thedomainname. >> >> How do i force all system logging to just go to root, instead of >> root@thehostname.thedomainname > > > Pete > > Couple of places to check, first your aliases file. Where are you > aliasing root to? > > Secondly, check you main.cf under Sending mail have you set that all > main from this host should be sent from $myhostname or $mydomain? > > HTH > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 5 09:47:03 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > NOthing specified in Sending sectionof main.cf Try specifying 'myorigin = $mydomain' (Without the quotes!), reload Postfix and see what you get. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Sat Mar 5 15:07:06 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: antivir update Message-ID: Hi there, just a quck question... am i the only one, or does it seems to me, that the command antivir --update is not working?? seems to be that their server is down.. Anyone experiencing the same? Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 16:00:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the first beta of the next release which will appear in stable form at the start of April (jokes notwithstanding!). The only fix should be to correct the handling of viruses that are listed in the "Silent Viruses" list (or which are covered by "All-Viruses" there) while also being listed in the "Non-Forging Viruses" list. The symptom of the fault was that the body of the email message referred you to an Attachment-Warning.txt which wasn't actually present. This symptom has now gone. It may seem a trivial fix, but it is always the apparently trivial changes that have the greatest side-effect! So if you could test this release for me, it would be much appreciated. Thanks folks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Mar 5 16:53:38 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.1 Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | I have just released the first beta of the next release which will | appear in stable form at the start of April (jokes notwithstanding!). | Runs Ok on my test system which is low volume though - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKeQSPMoaMn4kKR4RA05AAJ9uyV8q39nJA1cNQqbGNVOL6n18TgCfVM6O G4Vbf/WXsEyzF9haxaYEjoQ= =+qsg -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sat Mar 5 17:10:24 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: I really hate spammers, no really, I hate them. The world does not need these people. I have two mailscanner machines listening on the outside, both use mailertable to route to my mail toasters running qmail/vpopmail. I had been getting buried with dictionary attacks so I installed chkuser to my qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is coming down, no more deliveries to non-existant users. Unfortunately now my MailScanner machines queues are filling up with these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! I have MailScanner reset so it can process the additional messages, increased my number of processes to 5 per cpu (10) and MailScanner is pushing them right on through. Good. I've set Sendmail's Double_Bounce_Address to an emtpy string which should drop double bounces. But my outgoing queue continues to grow with bounces becuase I can't deliver the "No User Here" bounces from my toasters. I am at a loss, the root of the issue is I have 100k messages a day, some just *might* be legitimate address misspellings, I can't drop all bounces. But the vast majority are trash. Whats a sysadmin to do? DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 19:14:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do all the bounces contain a consistent subject line? Add a rule in sendmail to reject messages whose subject lines match some words? Dave Goodrich wrote: > I really hate spammers, no really, I hate them. The world does not need > these people. > > I have two mailscanner machines listening on the outside, both use > mailertable to route to my mail toasters running qmail/vpopmail. I had > been getting buried with dictionary attacks so I installed chkuser to my > qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is > coming down, no more deliveries to non-existant users. > > Unfortunately now my MailScanner machines queues are filling up with > these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! > I have MailScanner reset so it can process the additional messages, > increased my number of processes to 5 per cpu (10) and MailScanner is > pushing them right on through. Good. I've set Sendmail's > Double_Bounce_Address to an emtpy string which should drop double > bounces. > > But my outgoing queue continues to grow with bounces becuase I can't > deliver the "No User Here" bounces from my toasters. > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich > Systems Administrator > http://www.tls.net > Get rid of Unwanted Emails...get TLS Spam Blocker! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Mar 5 19:50:22 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Dave Goodrich wrote: | | Whats a sysadmin to do? | Sorry for being blunt, but you should read this list more carefully :) milter-ahead or milter-sender are your friend. If they are not to your liking you may implement your own milter using the Perl Milter API. Using those three techniques or LDAP based routing/lookups for sendmail you can easily avoid the bounces :) - -d | Get rid of Unwanted Emails...get TLS Spam Blocker! ~ ^^^^^^^^^^^^^^^^^^^^ What's a TLS Spam blocker ? :) - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKg19PMoaMn4kKR4RA8W8AJsFelO8j4pe2XQ+pXhk7ceARSt0tQCfRV20 mmo12qxEC3gl7314sCjgttc= =t5Uf -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 20:02:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.2 -- RAR 3 support Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] With credit for doing the hard work going to Rick Cooper: I have just released 4.40.2. This includes external RAR unpacking for clamavmodule. It also uses the unrar command to look inside RAR archives to check for blocked filenames and filetypes, and also to see if the RAR archive is password-protected. There are 2 new configuration options, "Unrar Command" and "Unrar Timeout". Both of these will of course be added by upgrade_MailScanner_conf. Please let me know what you think. Download from www.mailscanner.info as usual. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Mar 5 21:46:00 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote: > > milter-ahead or milter-sender are your friend. If they are not to your > liking > you may implement your own milter using the Perl Milter API. Using > those three > techniques or LDAP based routing/lookups for sendmail you can easily > avoid the > bounces :) > I sincerely apologize for my ignorance ahead of time, this is really not meant to start a flame war: Is maintaining a list of valid recipients on a gateway really that big of a problem that you have to run around your systems compiling and configuring various milters? We have thousands of clients that run everything from pif to Exchange and the subject of verifying recipients has not come up once in over five years - just add them to the gateway when you make their mailbox. -Vlad ExchangeDefender.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 21:51:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vlad Mazek wrote: > David H. wrote: > >> >> milter-ahead or milter-sender are your friend. If they are not to your >> liking >> you may implement your own milter using the Perl Milter API. Using >> those three >> techniques or LDAP based routing/lookups for sendmail you can easily >> avoid the >> bounces :) >> > I sincerely apologize for my ignorance ahead of time, this is really not > meant to start a flame war: We don't do flame wars here :-) > Is maintaining a list of valid recipients on a gateway really that big > of a problem that you have to run around your systems compiling and > configuring various milters? We have thousands of clients that run > everything from pif to Exchange and the subject of verifying recipients > has not come up once in over five years - just add them to the gateway > when you make their mailbox. You only need to install the milters on your MX's, so it's not that big a job. It comes down to the difference between a little bit of maintenance (keeping the gateway lists up to date and accurate) and no maintenance at all (using a milter). > > -Vlad > ExchangeDefender.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Mar 5 21:57:24 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > You only need to install the milters on your MX's, so it's not that big > a job. It comes down to the difference between a little bit of > maintenance (keeping the gateway lists up to date and accurate) and no > maintenance at all (using a milter). To me it seems like having to support yet another piece of software that can fail, that needs to be planned and re-deployed during an upgrade. I guess it just comes down to personal preference of where and when you'd like to do the work. I have personally been burned by milters in the past and prefer to defer their functionality to more stable code whenever possible. -Vlad ExchangeDefender ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 22:10:37 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does qmail have a recipient map/mailertable type text list of users in a "user OK/REJECT" type format? If so then there are scripts, in the MAQ, that you can cron that will ldap query your exchange/ldap server address book for the lists of recipients and build the lists for you. We run them hourly. Its not a big deal, just ahve a look at all the different methods - and triple test before you deploy so you dont end up rejecting mail to the boss during testing :) Vlad Mazek wrote: >> You only need to install the milters on your MX's, so it's not that big >> a job. It comes down to the difference between a little bit of >> maintenance (keeping the gateway lists up to date and accurate) and no >> maintenance at all (using a milter). > > > > To me it seems like having to support yet another piece of software that > can fail, that needs to be planned and re-deployed during an upgrade. I > guess it just comes down to personal preference of where and when you'd > like to do the work. I have personally been burned by milters in the > past and prefer to defer their functionality to more stable code > whenever possible. > > -Vlad > ExchangeDefender > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Sat Mar 5 22:37:02 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: On Mar 5, 2005, at 9:10 AM, Dave Goodrich wrote: > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > (while everyone else is telling you what you should have done to prevent this, I'll answer this part: what you can do while it's happening ... though, you're probably already through the bulk of it) I have two scripts I run, qstat and qflush. You're going to probably want to run them (as root) like: # qstat mqueue # qflush mqueue relay.domain.tld (where relay.domain.tld is something you pull out of the results of qstat) You may get some errors from qflush about the files not being there. That just means sendmail got rid of them before you could (or mailscanner finished scanning them, if you're running against mqueue.in, before you got to cleaning them out). 1) qstat - identify the relays of the messages in your queue (I assume that they're in mqueue now, and not mqueue.in, but it's just a slight substitution if they're in mqueue.in: I use this technique to filter out mail bombs that are clogging up mqueue.in): #!/bin/sh if [ "$#" -ne "1" ]; then echo "usage: qstat queue" echo " queue = mqueue | mqueue.in" fi cd /var/spool/$1 # this next blob is all one line, but my mail program might wrap it wrong /bin/ls | /bin/grep "^qf" | /bin/xargs -I file grep "^._" file | /bin/sed -e "s/ ^._//" | /bin/sort | /bin/uniq -c | /bin/sort -n | /bin/tail -5 # end This will tell you who the top 5 relays are. If you got a mail bomb or dictionary attack from a single source, it will be REALLY obvious who is dominating your mail queue from this. 2) qflush - flush the bad relay out of your queue: #!/bin/sh if [ "$#" -lt "2" ]; then echo "usage: qflush queue pattern" echo " queue = mqueue.in | mqueue" echo " pattern = hostname in qf:\$_" fi if [ "$#" -ge "3" ]; then echo "usage: qflush queue pattern" echo " queue = mqueue.in | mqueue" echo " pattern = hostname in qf:\$_" fi cd /var/spool/$1 # this next blob is all one line, but my mail program might wrap it wrong /bin/ls | /bin/grep "^qf" | /bin/xargs -I file /bin/grep -l "^._$2" file | /bin/grep -vi "no such file" | /bin/sed -e "s/^qf/rm \?\?/" -e "s/:.*//" > /tmp/qflush.$$ /bin/sh /tmp/qflush.$$ /bin/rm /tmp/qflush.$$ # end ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Sat Mar 5 22:40:01 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: Hrm. I just realized that what I just sent probably wont be that helpful afterall, because they're all going to be from localhost (daemon bounces). I should have thought of that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:04:10 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Dave Goodrich wrote: > > | > | Whats a sysadmin to do? > | > Sorry for being blunt, but you should read this list more carefully :) It's one I read every message from, every day. > > milter-ahead or milter-sender are your friend. If they are not to your > liking > you may implement your own milter using the Perl Milter API. Using those > three > techniques or LDAP based routing/lookups for sendmail you can easily > avoid the > bounces :) It's not the bounces I want to stop. It's the fact that I have bounces to mailservers that don't exist, won't accept connections, are not where the message originated from. The mechanics of the mail process I can deal with, it's the deceptive practices of spammers. I don't know if a bounce is valid until I try to send it. Either the bounce message is accepted or not. If accepted, chances are it was a valid bounce. If not, then it is to late, I've already processed the message. If I understand what you and most others are suggesting, I should move my user validation from the toasters to the MailScanners. I thought of this, and I think it could be done since my vpopmail is using MySQL auth. However that would not stop the bounces. Unless I totally misunderstand. > > - -d > > | Get rid of Unwanted Emails...get TLS Spam Blocker! > ~ ^^^^^^^^^^^^^^^^^^^^ > What's a TLS Spam blocker ? :) > Marketing Speak for SpamAssassin + custom rules + MTA blocking + SquirrelMail SA preferences. DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:10:13 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: John Rudd wrote: > On Mar 5, 2005, at 9:10 AM, Dave Goodrich wrote: > >> >> I am at a loss, the root of the issue is I have 100k messages a day, >> some just *might* be legitimate address misspellings, I can't drop all >> bounces. But the vast majority are trash. >> >> Whats a sysadmin to do? >> > > (while everyone else is telling you what you should have done to > prevent this, I'll answer this part: what you can do while it's > happening ... though, you're probably already through the bulk of it) Yep, dropping double bounces has helped. > > I have two scripts I run, qstat and qflush. You're going to probably > want to run them (as root) like: Ahh, those will help to clean out the cruft without waiting for the changes to take place. Thanks, DAve > > # qstat mqueue > # qflush mqueue relay.domain.tld > (where relay.domain.tld is something you pull out of the results of > qstat) > > You may get some errors from qflush about the files not being there. > That just means sendmail got rid of them before you could (or > mailscanner finished scanning them, if you're running against > mqueue.in, before you got to cleaning them out). > > > 1) qstat - identify the relays of the messages in your queue (I assume > that they're in mqueue now, and not mqueue.in, but it's just a slight > substitution if they're in mqueue.in: I use this technique to filter > out mail bombs that are clogging up mqueue.in): > > #!/bin/sh > > if [ "$#" -ne "1" ]; then > echo "usage: qstat queue" > echo " queue = mqueue | mqueue.in" > fi > > cd /var/spool/$1 > > # this next blob is all one line, but my mail program might wrap it > wrong > /bin/ls | /bin/grep "^qf" | /bin/xargs -I file grep "^._" file | > /bin/sed -e "s/ > ^._//" | /bin/sort | /bin/uniq -c | /bin/sort -n | /bin/tail -5 > > # end > > > This will tell you who the top 5 relays are. If you got a mail bomb or > dictionary attack from a single source, it will be REALLY obvious who > is dominating your mail queue from this. > > > 2) qflush - flush the bad relay out of your queue: > > #!/bin/sh > > if [ "$#" -lt "2" ]; then > echo "usage: qflush queue pattern" > echo " queue = mqueue.in | mqueue" > echo " pattern = hostname in qf:\$_" > fi > > if [ "$#" -ge "3" ]; then > echo "usage: qflush queue pattern" > echo " queue = mqueue.in | mqueue" > echo " pattern = hostname in qf:\$_" > fi > > cd /var/spool/$1 > > # this next blob is all one line, but my mail program might wrap it > wrong > /bin/ls | /bin/grep "^qf" | /bin/xargs -I file /bin/grep -l "^._$2" > file | /bin/grep -vi "no such file" | /bin/sed -e "s/^qf/rm \?\?/" -e > "s/:.*//" > /tmp/qflush.$$ > > /bin/sh /tmp/qflush.$$ > > /bin/rm /tmp/qflush.$$ > # end > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:12:28 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: Julian Field wrote: > Do all the bounces contain a consistent subject line? Add a rule in > sendmail to reject messages whose subject lines match some words? I could but I don't want to reject any valid messages. While the chance that one rejection in one thousand ( I'm being very generous here ) really is a valid message with a misspelled address, I want to handle it properly. I'm still watching the queue and the growth has slowed down. I have set Double_Bounce_Address to an empty string in both my sendmail.cf and my submit.cf, changed my queue lifetime to 24 hours from 48. All double bounces are now being dropped and messages are being removed from the queue faster. Thanks, DAve > > Dave Goodrich wrote: > >> I really hate spammers, no really, I hate them. The world does not need >> these people. >> >> I have two mailscanner machines listening on the outside, both use >> mailertable to route to my mail toasters running qmail/vpopmail. I had >> been getting buried with dictionary attacks so I installed chkuser to my >> qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is >> coming down, no more deliveries to non-existant users. >> >> Unfortunately now my MailScanner machines queues are filling up with >> these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! >> I have MailScanner reset so it can process the additional messages, >> increased my number of processes to 5 per cpu (10) and MailScanner is >> pushing them right on through. Good. I've set Sendmail's >> Double_Bounce_Address to an emtpy string which should drop double >> bounces. >> >> But my outgoing queue continues to grow with bounces becuase I can't >> deliver the "No User Here" bounces from my toasters. >> >> I am at a loss, the root of the issue is I have 100k messages a day, >> some just *might* be legitimate address misspellings, I can't drop all >> bounces. But the vast majority are trash. >> >> Whats a sysadmin to do? >> >> DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 16:41:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sun Mar 6 16:51:14 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Greetings. Finally I think I have found a way to contribute back to the MailScanner community. I believe that bayes does a reasonable job, but looking at recent writing and http://crm114.sourceforge.net/ I do feel that it would be a good enhancement to MailScanner. There is a milter based solution for Sendmail users which is based on Sendmail::Milter. As a sendmail user this is a solution I would prefer, since it is quite easy to add custom rules to Spamassassin to watch for the CRM114 header. However I feel that this is something that would limit its use and I wonder how this could be implemented with MailScanner directly. The question is whether this should run as a custom function or be more tightly integrated into MailScanner. I would like to have a way to influence MailScanner scoring based on the values returned by CRM114. Either by adding appropriate rule sets to Spamassassin (which implies the CRM114 check has to run before Spamassassin) or by somehow modifying the total score at the end of the run. I consider this a serious project, based on your input I would either implement it only for my systems or try to come up with a solution and contribute the patches. Thank you. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKzUCPMoaMn4kKR4RA07jAKCNE1oDcxHWrt00tSFcuuGb2ABLjQCfVb/G bbQJvroILodPOAxRoiRpU9Q= =fIpT -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Sun Mar 6 17:38:19 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 2005-03-06 at 08:41, Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Not sure how hard this would be [or if it is still an issue] but since you asked.. "Allow Password-Protected Archives" as a ruleset when using clamavmodule virus scanner ... -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Sun Mar 6 17:37:51 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:50 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: Hi all, David H. wrote: > Finally I think I have found a way to contribute back to the MailScanner > community. I believe that bayes does a reasonable job, but looking at recent > writing and http://crm114.sourceforge.net/ I do feel that it would be a good > enhancement to MailScanner. > I consider this a serious project, based on your input I would either > implement it only for my systems or try to come up with a solution and > contribute the patches. I would be very interested in the possibility using other spam filters besides SpamAssin with MailScanner. CRM114 integration would be nice thing if it could lead to a general spam filter interface - ideally with some plugin functionality. And CRM114 seems to be a good choice for using it within MailScanner. One thing is that Bayes filters are working best if they are trained by their users so you should consider adding some get-the-username layer which may cause some problems as mailscanner sees no real users but only email addresses. Therefore a mapping for email -> user name (for resolving aliases etc) would be nice. This could be separated from the spam filter. Using CRM114 from SpamAssassin is possible but not that nice because afaik there is no possibility for a SpamAssassin-Plugin return a score such as 10%,20%,... (only true or false seems to be possible) and it is not easily possible modifying mail header from a plugin. I would be interested in helping with developing a CRM114 plugin for MailScanner as it may help (me/others) writing a DSPAM plugin. :-) -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Sun Mar 6 17:38:09 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:50 2006 Subject: Fw: Spam - Internet gaming industry, Gaming Transac Message-ID: Hi, All the untagged spam emails we've got on the weekend were about the " Internet gaming industry, Gaming Transactions Inc." The SPAM showed up with different Subject line but all were refering to " Internet gaming industry, Gaming Transactions Inc." Not spam, SpamAssassin (score=2.867, required 4.9, BAYES_50 0.00, J_CHICKENPOX_42 0.60, J_CHICKENPOX_61 0.60, SARE_RECV_IP_218078 1.67)" Thanks, Magda Hewryk -------------------------------- ----- Forwarded by Magdalena Hewryk/TOR/SYM on 03/06/2005 11:20 AM ----- "sherman aschenbrener" cc 03/06/2005 07:44 AM Subject XxgfY Are you an early bird in finding best investment? Please respond to "sherman aschenbrener" If you are interested in this great stock of Gaming Transactions Inc., just check its performance and type in stock code of GGTS.PK. If you want to find a better stock to invest on, it might be the right choice for you. As one leading supplier in Internet gaming industry, Gaming Transactions Inc. is a great choice for investors. Gaming Transactions Inc., as one leading provider in Internet gaming industry, has launched the new game portal(k e n o . c o m). The company also implements one integrated marketing plan with more extensive coverage. The Company manages the game portal and provides games like Keno, bingo, poker, blackjack, slots and video games online. Invest in us and witness the rapid growth of both the online entertainment industry and our stock price! The portal provides secure and private environment to players online. The user-friendly web design, secure service maintenance and precise data handling help players enjoy all the fun for games. Log onto our site and experience the popular games. Make up your mind soon to invest in us! Mannings quarterbacking brilliancewas neutralized as usual by Bill Belichicks punishing defense and the Colts Super Bowl aspirations It was an excellent run, a fine year, Manningsaid. But when you finish with a loss in the playoffs, you cant be happy about it. Eventually, Manning is now07 in Foxboro. Brady is 70 in the postseason.For the defending champions, one more win in vlcm.xbmupxykg4kkuqihbfmm.djcnliaspjqxsv1dnsopewehdemm.nnunssvennugvvh ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Sun Mar 6 17:40:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I really hate spammers, no really, I hate them. The world does not need > these people. > > I have two mailscanner machines listening on the outside, both use > mailertable to route to my mail toasters running qmail/vpopmail. I had > been getting buried with dictionary attacks so I installed chkuser to my > qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is > coming down, no more deliveries to non-existant users. > > Unfortunately now my MailScanner machines queues are filling up with > these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! > I have MailScanner reset so it can process the additional messages, > increased my number of processes to 5 per cpu (10) and MailScanner is > pushing them right on through. Good. I've set Sendmail's > Double_Bounce_Address to an emtpy string which should drop double bounces. > > But my outgoing queue continues to grow with bounces becuase I can't > deliver the "No User Here" bounces from my toasters. > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich Dave As others have said doing the check user on the inbound MailScanner queue so you can reject with 550 no such user message is prob the best way. I guess it's quite difficult to maintain this list but you might be able to do a live check on the valid users using LDAP or something I drop about 66% of inbound email this way. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 18:25:37 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Fw: Spam - Internet gaming industry, Gaming Transac Message-ID: Hi! > All the untagged spam emails we've got on the weekend were about the " > Internet gaming industry, Gaming Transactions Inc." > > The SPAM showed up with different Subject line but all were refering to " > Internet gaming industry, Gaming Transactions Inc." > > Not spam, SpamAssassin (score=2.867, required 4.9, BAYES_50 0.00, > J_CHICKENPOX_42 0.60, J_CHICKENPOX_61 0.60, SARE_RECV_IP_218078 1.67)" Please do not forward spams to the list. Thanks, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sun Mar 6 18:42:02 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? Your work load isn't high enough??? ;-) Very well, I've been thinking of some features the last couple of weeks, so here's a list (I've /no/ idea if it's difficult to implement or even if there are more people who like these features): - Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. if number of Spam Lists is larger than "Spam Lists To Reach High Score"). This is a fine tune of "Check SpamAssassin If On Spam List". - Stop Virus checks when at least X number of virus scanners say message contains a virus - No virus checks if High Score is reached and High Score Action = delete (and does not contain "store"), since virus checks seem to be executed /after/ the spam checks. - Archive only mail that is not Spam (either High and/or Low) and/or does not contain viruses and/or does not contain Bad Content - %spool% variable, so Incoming Queue Dir, Outgoing Queue Dir, Incoming Work Dir and Quarantine Dir can be rewritten as "%spool%/mqueue.in", etc. - All possible variables available in reports ($from, $to, $date, $subject, etc.). I seem to recall that not all variables are available in the reports. This has been a while since I last checked this, so maybe this is no longer the case. That's it for now, if anything else comes to mind, I'll post it here. >Julian Field Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dot at DOTAT.AT Sun Mar 6 18:45:53 2005 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: "Steen, Glenn" wrote: >The -e option to mcafee-autoupdate seem to be ... non-functional, Yes. I'm surprised it's still there. I never worked out how to automatically find out if there is an extra.dat and if so what its filename is. I would not recommend using McAfee by itself if you want really prompt automatic signature updates. Tony. -- f.a.n.finch http://dotat.at/ ROCKALL: BAILEY NORTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST. SHOWERS. GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 18:58:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Tremaine wrote: >On Sun, 2005-03-06 at 08:41, Julian Field wrote: > > >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >> > >Not sure how hard this would be [or if it is still an issue] but since >you asked.. > >"Allow Password-Protected Archives" as a ruleset when using clamavmodule >virus scanner ... > > Done. Easier than I expected, which is always good. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:09:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >> > >Your work load isn't high enough??? ;-) > >Very well, I've been thinking of some features the last couple of weeks, so here's a list (I've /no/ idea if it's difficult to implement or even if there are more people who like these features): > >- Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. if number of Spam Lists is larger than "Spam Lists To Reach High Score"). This is a fine tune of "Check SpamAssassin If On Spam List". > > Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high score. Check SpamAssassin If Spam Lists Cause High Score. These configuration options keep getting longer and longer names :( Do other people want this one? >- Stop Virus checks when at least X number of virus scanners say message contains a virus > > Not possible. An entire batch is scanned at once, there is no way of only scanning some messages some of the time. All you can do is throw away the results of the scan, which is pretty pointless for what you want to achieve. >- No virus checks if High Score is reached and High Score Action = delete (and does not contain "store"), since virus checks seem to be executed /after/ the spam checks. > > I suspect it does this already. The impact of scanning 1 extra message in a batch is pretty small, so this may not help you much anyway. And, as I said, it might already do this. >- Archive only mail that is not Spam (either High and/or Low) and/or does not contain viruses and/or does not contain Bad Content > > Archive Clean Non-Spam Mail. Possible but messy. >- %spool% variable, so Incoming Queue Dir, Outgoing Queue Dir, Incoming Work Dir and Quarantine Dir can be rewritten as "%spool%/mqueue.in", etc. > > You can do that already. You can define whatever %variables% you like, mine are just a few example ones. I will add %spool-dir% for you as another example in the conf file I ship. >- All possible variables available in reports ($from, $to, $date, $subject, etc.). I seem to recall that not all variables are available in the reports. This has been a while since I last checked this, so maybe this is no longer the case. > > There are still some limits here, I will add them on request. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 19:17:37 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi Julian, >> - Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. >> if number of Spam Lists is larger than "Spam Lists To Reach High Score"). >> This is a fine tune of "Check SpamAssassin If On Spam List". > Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high > score. Check SpamAssassin If Spam Lists Cause High Score. These > configuration options keep getting longer and longer names :( About virus scanning: But, can you make virus scanning as a option? This is what many iof our customers asked. I know its why you actually made MailScanner, but when running it for a copuple of thousand domains there are always a couple that dont want virus scanning. But do want spam checks... Its ok if you scan them all, but just throw away the results ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:28:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi Julian, > >>> - Stop Spam checks (Spam Assassin) as soon as High Score is reached >>> (e.g. >>> if number of Spam Lists is larger than "Spam Lists To Reach High >>> Score"). >>> This is a fine tune of "Check SpamAssassin If On Spam List". >> > >> Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high >> score. Check SpamAssassin If Spam Lists Cause High Score. These >> configuration options keep getting longer and longer names :( > > > About virus scanning: > > But, can you make virus scanning as a option? This is what many iof our > customers asked. I know its why you actually made MailScanner, but when > running it for a copuple of thousand domains there are always a couple > that dont want virus scanning. But do want spam checks... > > Its ok if you scan them all, but just throw away the results ;) > The problem is handling a message with more than 1 recipient. If any of them want it to be scanned, it gets scanned. The results are attached to the message, not the recipient. So throwing away the results gives you a message where no-one got it scanned. Putting a ruleset on "Virus Scanning =" will do as much of a good job of it as possible. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 19:32:07 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >> Its ok if you scan them all, but just throw away the results ;) > The problem is handling a message with more than 1 recipient. If any of > them want it to be scanned, it gets scanned. The results are attached to > the message, not the recipient. So throwing away the results gives you a > message where no-one got it scanned. > > Putting a ruleset on "Virus Scanning =" will do as much of a good job of > it as possible. Thats the same with tagging the subject on spams, and i can think of a couple more. Thats the way it works, so thats nothing new ;) Thats why we use rcpt splitting, one mail per rcpt, to make those options available per user. So that we can live with i guess ;) Possible to put it in like a regular ruleset? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:40:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >>> Its ok if you scan them all, but just throw away the results ;) >> > >> The problem is handling a message with more than 1 recipient. If any of >> them want it to be scanned, it gets scanned. The results are attached to >> the message, not the recipient. So throwing away the results gives you a >> message where no-one got it scanned. >> >> Putting a ruleset on "Virus Scanning =" will do as much of a good job of >> it as possible. > > > Thats the same with tagging the subject on spams, and i can think of a > couple more. Thats the way it works, so thats nothing new ;) Thats why we > use rcpt splitting, one mail per rcpt, to make those options available > per > user. So that we can live with i guess ;) Sorry about that, it's a fundamental design principle in MailScanner. You can argue whether it's a correct one or not, of course... You've got all the source code, feel free to re-implement it if you have a spare afternoon or two :-) > Possible to put it in like a regular ruleset? Yes, it just takes a normal ruleset. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Sun Mar 6 20:28:28 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:50 2006 Subject: Does anyone have Panda working? Message-ID: Following my post regarding problems getting Panda working, does *anyone* here have it working? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 20:51:19 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >> Thats the same with tagging the subject on spams, and i can think of a >> couple more. Thats the way it works, so thats nothing new ;) Thats why we >> use rcpt splitting, one mail per rcpt, to make those options available >> per user. So that we can live with i guess ;) > Sorry about that, it's a fundamental design principle in MailScanner. > You can argue whether it's a correct one or not, of course... > You've got all the source code, feel free to re-implement it if you have > a spare afternoon or two :-) No no, i can live perfectly with that ;) >> Possible to put it in like a regular ruleset? > Yes, it just takes a normal ruleset. Just perfect. If you have time to pack up a new beta, lemme know then i'll start testing... Thanks, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 21:36:15 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Julian, I have an emergency good paying job. If you are up and interested plaeas give me a call. Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Sunday, March 06, 2005 2:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > Raymond Dijkxhoorn wrote: > > > Hi Julian, > > > >>> - Stop Spam checks (Spam Assassin) as soon as High Score is reached > >>> (e.g. > >>> if number of Spam Lists is larger than "Spam Lists To Reach High > >>> Score"). > >>> This is a fine tune of "Check SpamAssassin If On Spam List". > >> > > > >> Possible. Don't do SpamAsassin if spam lists >= spam lists to reach > high > >> score. Check SpamAssassin If Spam Lists Cause High Score. These > >> configuration options keep getting longer and longer names :( > > > > > > About virus scanning: > > > > But, can you make virus scanning as a option? This is what many iof our > > customers asked. I know its why you actually made MailScanner, but when > > running it for a copuple of thousand domains there are always a couple > > that dont want virus scanning. But do want spam checks... > > > > Its ok if you scan them all, but just throw away the results ;) > > > The problem is handling a message with more than 1 recipient. If any of > them want it to be scanned, it gets scanned. The results are attached to > the message, not the recipient. So throwing away the results gives you a > message where no-one got it scanned. > > Putting a ruleset on "Virus Scanning =" will do as much of a good job of > it as possible. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 21:51:02 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: Off topic - Emergency Exim support requested. Message-ID: Sorry I meant the message below to go out to the list. I have just received a call from a friend who has thousands of messages that were routed to a single Exim mailbox on a C-panel server. He badly needs an Exim expert to resend these messages to the intended recipients, hopefully by morning tomorrow morning Pacific Coast Time - GMT-8. He is willing to pay consulting fees for assistance. Please contact me off list if you can help him. Thanks in advance, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney > Sent: Sunday, March 06, 2005 4:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > Julian, > > I have an emergency good paying job. If you are up and interested plaeas > give me a call. > > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 6 21:53:24 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm. Will have to have another look tomorrow... I did try the pavcl but after some like trouble _and_ discovering that the "free" version was "free less any signature updates"... Well, suffice it to say that I don't use it:). Will have another look though. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Paul Welsh Sent: Fri 3/4/2005 9:20 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Panda not working > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 04 March 2005 09:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > I've tried the command: > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > Try > /usr/lib/MailScanner/panda-wrapper /usr /tmp > since the lines > $pavcl = shift; > $pavcl .= '/bin/pavcl'; > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > If that doesn't work, try it while standing in the /tmp directory. > Looking at it, it seems like the wrapper ignores any path, but > will preserve scanner options. Thanks, Glenn, but I still get "Virus: 0" whether I run the panda-wrapper command from /tmp or not. Anyone have any other ideas? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 6 22:01:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: mcafee extra.dat Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh no, never mcafee by itself... That's be as bad as the GSE (.... word starting with a"c" and ending on a "p") situation we used to have. We use clamav (primary), mcafee and bitdefender. So far, they've not let anything through:). And, phishing aside, each has had their moment of glory (being the sole scanner to detect some virus). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Tony Finch Sent: Sun 3/6/2005 7:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: mcafee extra.dat "Steen, Glenn" wrote: >The -e option to mcafee-autoupdate seem to be ... non-functional, Yes. I'm surprised it's still there. I never worked out how to automatically find out if there is an extra.dat and if so what its filename is. I would not recommend using McAfee by itself if you want really prompt automatic signature updates. Tony. -- f.a.n.finch http://dotat.at/ ROCKALL: BAILEY NORTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST. SHOWERS. GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sun Mar 6 22:24:49 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Felix Schwarz wrote: | Hi all, | | David H. wrote: | |>Finally I think I have found a way to contribute back to the MailScanner |>community. I believe that bayes does a reasonable job, but looking at recent |>writing and http://crm114.sourceforge.net/ I do feel that it would be a good |>enhancement to MailScanner. | | |>I consider this a serious project, based on your input I would either |>implement it only for my systems or try to come up with a solution and |>contribute the patches. | | | I would be very interested in the possibility using other spam filters | besides SpamAssin with MailScanner. CRM114 integration would be nice | thing if it could lead to a general spam filter interface - ideally | with some plugin functionality. | | And CRM114 seems to be a good choice for using it within MailScanner. | One thing is that Bayes filters are working best if they are trained | by their users so you should consider adding some get-the-username | layer which may cause some problems as mailscanner sees no real users | but only email addresses. | Therefore a mapping for email -> user name (for resolving aliases etc) | would be nice. This could be separated from the spam filter. | This is something I am trying to avoid. I do not think that it makes sense to build such a plugin infrastructure. CRM114 is a unique spam battling technique (turing complete token discrimenator) which is not used by Spamassassin as a technique to find spam. That is why I am interested in such functionality. | I would be interested in helping with developing a CRM114 plugin for | MailScanner as it may help (me/others) writing a DSPAM plugin. :-) | As I said. I would not go into that direction. I see no benefits in using DSPAM over Spamassassin or vice versa. I would simply like to see CRM114 support directly in MailScanner. However, I am glad that you are interested in it. Maybe we could sync ideas? - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCK4MxPMoaMn4kKR4RA/zjAJ92/eDcfR1cj073M5kEprdy6XLbdACfYrAo aBmbxEDrKSJE0xmgY31Q4yM= =wzyn -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 22:31:10 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 6 Mar 2005, Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Per-user mailscanner settings, adjustable by individual users? Right now we have a webpage interface which allows users to individually set stuff, and it writes the settings to the global mailscanner config file as root, which is kind of hairy. It's also a huge mess to maintain. Would be nice if you could specify something like Virus Scanning = $HOME/.mailscanner/virus-scanning-rules Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules This would allow per-user overrides, but only for specific mailscanner settings. And it would let us do it in a more secure fashion than having to have CGIs write to files as root. One other thing, does mailscanner have to be restarted every time an included ruleset changes? -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 22:37:04 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! > Would be nice if you could specify something like > > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules > > This would allow per-user overrides, but only for specific mailscanner > settings. And it would let us do it in a more secure fashion than having > to have CGIs write to files as root. Setups like that will only work when MS is running at the same server. At most of our setups it isnt. Its just a GW most of the time i guess. > One other thing, does mailscanner have to be restarted every time an > included ruleset changes? service MailScanner reload That should do the trick. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 22:38:45 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules That means you would have to have all users on the MS box, in my case I have several clients with more than 10000 mailboxes in Exchange and my MS boxes have around 10 system accounts, I don't want to maintain all those users on my boxes. > One other thing, does mailscanner have to be restarted every time an > included ruleset changes? Normally a reload should do the job. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 23:09:25 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 6 Mar 2005, Peter Bonivart wrote: > Dan Hollis wrote: > > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules > That means you would have to have all users on the MS box, in my case I > have several clients with more than 10000 mailboxes in Exchange and my > MS boxes have around 10 system accounts, I don't want to maintain all > those users on my boxes. Yes, all our users are on the MS box. So you're saying it shouldn't be an option even for those MS installations which do have all accounts on the box? Because everyone doesn't have exactly the same setup, nobody should have the option? -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Mar 6 23:08:53 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Installed a fresh RHEL3, installed SMgateway, logged in to the url from another machine on same subnet and i get Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/db.php on line 1 I did a service mysqld start and this makes no difference. I rebooted and retried the webpage and go Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/auth_lib.php on line 1 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /opt/Fortress/web/include/auth_lib.php on line 1 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/auth_lib.php on line 1 I will start playing with it trying to work out myself, BUT i thought you might like to know this happens on a defualt installation, using the guide. Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 23:24:53 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Yes, all our users are on the MS box. So you're saying it shouldn't be an > option even for those MS installations which do have all accounts on the > box? Because everyone doesn't have exactly the same setup, nobody should > have the option? I'm not in a position to either grant or deny you anything but I do think you belong to a minority to have a setup like that. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 23:29:37 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Installed a fresh RHEL3, installed SMgateway, logged in to the url from > another machine on same subnet and i get > > Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Looks like the user fsmg is not set up properly in MySQL or db.php tries with an incorrect password. Did you get any documentation so you can verify/correct it manually? Will those commercial products be supported on this list as well? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 23:30:58 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >>> Virus Scanning = $HOME/.mailscanner/virus-scanning-rules >>> Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules >> That means you would have to have all users on the MS box, in my case I >> have several clients with more than 10000 mailboxes in Exchange and my >> MS boxes have around 10 system accounts, I don't want to maintain all >> those users on my boxes. > Yes, all our users are on the MS box. So you're saying it shouldn't be an > option even for those MS installations which do have all accounts on the > box? Because everyone doesn't have exactly the same setup, nobody should > have the option? If you parse all those homedirs ANY user can put in foney data cant they? I would not want to break my install with that... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Mar 6 23:32:20 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am happy to look into fixin it myself later when i have some time (i only wanted to ahve a play with smgateway), but moreover i wanted to let the guys know this occured 'out of the box' Pete Peter Bonivart wrote: > Peter Russell wrote: > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url from >> another machine on same subnet and i get >> >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > Looks like the user fsmg is not set up properly in MySQL or db.php tries > with an incorrect password. Did you get any documentation so you can > verify/correct it manually? > > Will those commercial products be supported on this list as well? > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 23:41:38 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Sunday, March 06, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway > > I am happy to look into fixin it myself later when i have some time (i > only wanted to ahve a play with smgateway), but moreover i wanted to let > the guys know this occured 'out of the box' > > Pete > > Peter Bonivart wrote: > > Peter Russell wrote: > > > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url from > >> another machine on same subnet and i get > >> > >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > > Looks like the user fsmg is not set up properly in MySQL or db.php tries > > with an incorrect password. Did you get any documentation so you can > > verify/correct it manually? > > We haven't seen this before. I'll try to respond and add the answer to the Knowledge Base. > > Will those commercial products be supported on this list as well? > > We'll shortly have a separate list for the commercial products. In the meantime bugs can be reported to: http://www.fsl.com/feedback/feedback.php Whenever possible we'll try to respond to questions and bugs personally and also add them to the SMGateway Knowledge Base. The Knowledge Base is available at: http://support.fsl.com/cgi-bin/kb.cgi Registration at this site is limited to Paid Support customers. If you have Sales or Marketing questions please write me directly. Thanks, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > -- > > /Peter Bonivart > > > > --Unix lovers do it in the Sun > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 23:55:56 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Mon, 7 Mar 2005, Raymond Dijkxhoorn wrote: > > Yes, all our users are on the MS box. So you're saying it shouldn't be an > > option even for those MS installations which do have all accounts on the > > box? Because everyone doesn't have exactly the same setup, nobody should > > have the option? > If you parse all those homedirs ANY user can put in foney data cant they? > I would not want to break my install with that... Presumably it would only apply to deliveries to that user. But since mailscanner can't determine who a mail is being delivered to I guess it's a moot point. Sadly this is a place where mailscanner shows its weakness vs other mail filtering systems. Per-user end user configurable settings is still somewhat messy to implement with mailscanner. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Mar 7 00:18:53 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! > Presumably it would only apply to deliveries to that user. But since > mailscanner can't determine who a mail is being delivered to I guess it's > a moot point. > > Sadly this is a place where mailscanner shows its weakness vs other mail > filtering systems. Per-user end user configurable settings is still > somewhat messy to implement with mailscanner. Have a look at the commercial package i would say. Thats all you need. Most larger installs allready made own frontends to do this, we also did, and its really scalable also. ... Out of the box MS needs a admin to configure it, but it can be what you tell it to be ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 7 00:26:14 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney > Sent: Sunday, March 06, 2005 6:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Peter Russell > > Sent: Sunday, March 06, 2005 6:32 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: SMgateway > > > > I am happy to look into fixin it myself later when i have some time (i > > only wanted to ahve a play with smgateway), but moreover i wanted to let > > the guys know this occured 'out of the box' > > > > Pete > > > > Peter Bonivart wrote: > > > Peter Russell wrote: > > > > > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url > from > > >> another machine on same subnet and i get > > >> > > >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > > >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > > > > Looks like the user fsmg is not set up properly in MySQL or db.php > tries > > > with an incorrect password. Did you get any documentation so you can > > > verify/correct it manually? > > > > It looks like the default data in mysql is not correct; echo "DROP DATABASE fsmg;" | /usr/bin/mysql /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql will reload the defaults. If that doesn't solve the problem, Please let me know. Regards, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 01:01:29 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Sadly this is a place where mailscanner shows its weakness vs other mail > filtering systems. Per-user end user configurable settings is still > somewhat messy to implement with mailscanner. What settings do you want the users to be able to change themselves? Almost everything in MS can be per-user but it's not easy to to let the users change it themselves. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Mar 7 01:18:54 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Mon, 7 Mar 2005, Peter Bonivart wrote: > Dan Hollis wrote: > > Sadly this is a place where mailscanner shows its weakness vs other mail > > filtering systems. Per-user end user configurable settings is still > > somewhat messy to implement with mailscanner. > What settings do you want the users to be able to change themselves? Some of them don't want specific kinds of attachment filtering. > Almost everything in MS can be per-user but it's not easy to to let the > users change it themselves. I know this -- that's the point I was trying to make! We made a web interface to let our users change per-user filtering but it's kinda gross internally, it is not easy to integrate this into mailscanner. It works but it's really ugly. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 01:20:01 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [root@localhost fsmg-1.5]# echo "DROP DATABASE fsmg;" | /usr/bin/mysql ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) [root@localhost fsmg-1.5]# service mysqld start Starting MySQL: [ OK ] [root@localhost fsmg-1.5]# echo "DROP DATABASE fsmg;" | /usr/bin/mysql ERROR 1008 at line 1: Can't drop database 'fsmg'. Database doesn't exist [root@localhost fsmg-1.5]# /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql [root@localhost fsmg-1.5]# Have a look at that - the machine was sitting there after i had installed RHEL3update4, installed fsmg and found the error in the browser, then applied your 2 commands - seems the DB wasnt installed? Anyway you were right, and it fixed it. Off to play and impress my colleagues :) Pete >> > It looks like the default data in mysql is not correct; > > echo "DROP DATABASE fsmg;" | /usr/bin/mysql > > /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql > > will reload the defaults. If that doesn't solve the problem, Please let me > know. > > Regards, > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 02:12:29 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway - thanks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have it all setup and working, active directory auth doesnt work (but i think i need to add some additional software before i try?) but imap worked fine. I can see that you can specify some basic settings per user. But would like to be able to see all messages trapped for me, review and delete/release etc? Maybe fit in with an email usage policy of keeping the old stuff for 3 months, all users having access after that it is cleaned... ? Maybe a per user option to mark as spam and deliver or hold on the server quarantine and let me wade through them later? Also if you are going to have multiple admins, in the future would it be possible for the 'master' admin to view a change log of all changes made by all adnmins, or even all users? Kinda like ikonboard does? Where i work i would have to let 4 guys have access and they would certainly play with it and claim they did nothing, having a log as proof would be advantagous :) Over all its SUPER groovy! and i am guessing it will be the new standard in AV gateways - some one will build an ISO-gateway distro for you and then i guess world domination is only a few lines of perl code ? :) (can you control WOMD with perl?) I am going to install it in front on one of my gateways and set all event to have no action, just logging to see if i can learn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 7 02:23:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway - thanks Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Sunday, March 06, 2005 9:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway - thanks > > I have it all setup and working, active directory auth doesnt work (but > i think i need to add some additional software before i try?) but imap > worked fine. Glad it's working. > > I can see that you can specify some basic settings per user. But would > like to be able to see all messages trapped for me, review and > delete/release etc? Maybe fit in with an email usage policy of keeping > the old stuff for 3 months, all users having access after that it is > cleaned... ? Look at the filters you can add / save and load in MailWatch. They are very flexible. > > Maybe a per user option to mark as spam and deliver or hold on the > server quarantine and let me wade through them later? > Interesting idea and we are always open to good ideas. This should be possible with our next iteration of MailWatch. > Also if you are going to have multiple admins, in the future would it be > possible for the 'master' admin to view a change log of all changes made > by all adnmins, or even all users? Kinda like ikonboard does? > Great idea - Adding MailWatch users and audit reports has already been implemented on our test systems. > Where i work i would have to let 4 guys have access and they would > certainly play with it and claim they did nothing, having a log as proof > would be advantagous :) > Done and will be in the updates. > Over all its SUPER groovy! and i am guessing it will be the new standard > in AV gateways - some one will build an ISO-gateway distro for you and > then i guess world domination is only a few lines of perl code ? :) (can > you control WOMD with perl?) > Thanks. Julian rules :) > I am going to install it in front on one of my gateways and set all > event to have no action, just logging to see if i can learn Good idea and let us know how we can help. Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at IALEX.NET Mon Mar 7 02:51:09 2005 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't think its been tackled as yet, kick me if it has. When winmail.dat files are generated by Outlook and emailed, have mailscanner extract, scan and reattach as a regular attachment. Amazing product! ----- Original Message ----- From: "Julian Field" To: Sent: Sunday, March 06, 2005 11:41 AM Subject: Outstanding feature/fix requests? > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Mar 5 06:28:51 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:51 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick, Have you tried this with Clamav versions > 0.82 ?. I tried to do the same thing and tried to pass some extra parameters from the clamav-wrapper of MailScanner. But it seems that the recent releases of clamav like to be instructed only from the conf file and it started showing warings in the maillog. Also Clamav seems to be using the unrarlib library (http://www.unrarlib.org/faq.html) for its support to RAR archives. But the website of its library claims that support for RAR3 is not currently scheduled (it doesnt seem to be under any active development anymore) and is hoping for some one to contribute the support. Also currently there is not Perl module that is based on unrarlib. The only available I came across was Archive::Rar and that too needs the unrar command to be installed on your system. I am looking at building RAR archive support in MailScanner, but that definitely involves a lot of work, like first building RAR3 support in unrarlib, then creating a Perl module from unrarlib and then build the support in MailScanner itself. Rakesh Rick Cooper wrote: >It's important to note that ClamAV only supports RAR v2, so the answer is: > > Uncomment the ScanRar line in the config file > >but pass the --unrar[=FULLPATH] option (and of course have the latest unrar) >if you really want to handle rar files because v2 is quite old and not >likely to be used much anymore. If you are using clamavmodule then you >cannot use the external unrar (which is why I patch my MS versions with >specific unrar code/function every release). > > -- regards, Rakesh B. Pal, Project Leader, Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ================================================== I came, I saw, I conquered ================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Mon Mar 7 05:16:02 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:51 2006 Subject: 4.40.2 -- RAR 3 support Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am very close to finishing my Unrar Perl Module using the unrarlib (c library to open Rar archives). This doesn't needs the unrar command to be installed on your system and can simply give a list of files in the archive or extract the archives to a working directory specified in the argument to the function. However the version of unrarlib (www.unrarlib.org) that I found doesn't have support for Rar 3 compression. If anyone has made unrarlib to support Rar 3 compression please pass it on to me. I am writing this Perl interface for Unrar especially with MailScanner in mind. It helps you determine the filenames and the number of files in the rar archive without extracting it. This may be needed incase you want to do filename checks but avoid virus scanning on them. Also you can extract the files to a working directory and do virus scanning on it. I will give more detailed feature specification of it on this list once I complete it. Rakesh. Julian Field wrote: > With credit for doing the hard work going to Rick Cooper: > > I have just released 4.40.2. This includes external RAR unpacking for > clamavmodule. > It also uses the unrar command to look inside RAR archives to check for > blocked filenames and filetypes, and also to see if the RAR archive is > password-protected. > > There are 2 new configuration options, "Unrar Command" and "Unrar > Timeout". Both of these will of course be added by > upgrade_MailScanner_conf. > > Please let me know what you think. > > Download from www.mailscanner.info as usual. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== It doesn't matter who you are, it's what you do that takes you far ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Mon Mar 7 06:26:27 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: Hello, > antivir --update is not working?? > seems to be that their server is down.. This command works but it seems that all servers for the freeware version are down :-(. Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 07:39:26 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Some of them don't want specific kinds of attachment filtering. I guess many of my users would like to circumvent filtering for executables for example but that would weaken the company policy. If they were to modify the above themselves I would only want them to be able to add filtering, not remove any. The same goes for spam and it can be solved in their client by using the "sss..." header, those who want to (re)move spam with a lower score than our default can do so with their own local rule. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 07:49:53 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There sia freeware version? Which one is it? Pete Uwe.Krause@FEP.FRAUNHOFER.DE wrote: > Hello, > > >>antivir --update is not working?? >>seems to be that their server is down.. > > > This command works but it seems that all servers for the freeware > version are down :-(. > > Uwe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Mon Mar 7 08:10:16 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: Please look here : http://www.antivir.de/en/support/unix_privatregistrierung/index.html "The private, non-commercial use of AntiVir Linux Workstation so as AntiVir MailGate can be used free of charge and requires a registration. With this service H+BEDV Datentechnik supports the numerous private users of the Linux community and does consequently contribute for more security.!" --- Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:04:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Felix Schwarz wrote: > | Hi all, > | > | David H. wrote: > | > |>Finally I think I have found a way to contribute back to the > MailScanner > |>community. I believe that bayes does a reasonable job, but looking > at recent > |>writing and http://crm114.sourceforge.net/ I do feel that it would > be a good > |>enhancement to MailScanner. > | > | > |>I consider this a serious project, based on your input I would either > |>implement it only for my systems or try to come up with a solution and > |>contribute the patches. > | > | > | I would be very interested in the possibility using other spam filters > | besides SpamAssin with MailScanner. CRM114 integration would be nice > | thing if it could lead to a general spam filter interface - ideally > | with some plugin functionality. > | > | And CRM114 seems to be a good choice for using it within MailScanner. > | One thing is that Bayes filters are working best if they are trained > | by their users so you should consider adding some get-the-username > | layer which may cause some problems as mailscanner sees no real users > | but only email addresses. > | Therefore a mapping for email -> user name (for resolving aliases etc) > | would be nice. This could be separated from the spam filter. > | > This is something I am trying to avoid. I do not think that it makes > sense to > build such a plugin infrastructure. CRM114 is a unique spam battling > technique > (turing complete token discrimenator) which is not used by > Spamassassin as a > technique to find spam. That is why I am interested in such > functionality. > > > | I would be interested in helping with developing a CRM114 plugin for > | MailScanner as it may help (me/others) writing a DSPAM plugin. :-) > | > As I said. I would not go into that direction. I see no benefits in using > DSPAM over Spamassassin or vice versa. I would simply like to see CRM114 > support directly in MailScanner. However, I am glad that you are > interested in > it. Maybe we could sync ideas? How about a SpamAssassin plugin for CRM114? They already have the architecture in place, and it would create far less work for me! -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Mon Mar 7 09:04:15 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I get about 10000 mails /day in about 8 hours. What kind of machine do I need I i turn mailscanner + spamassassin + 3 antivirus programs? Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:08:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: >On Mon, 7 Mar 2005, Raymond Dijkxhoorn wrote: > > >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an >>>option even for those MS installations which do have all accounts on the >>>box? Because everyone doesn't have exactly the same setup, nobody should >>>have the option? >>> >>> >>If you parse all those homedirs ANY user can put in foney data cant they? >>I would not want to break my install with that... >> >> > >Presumably it would only apply to deliveries to that user. But since >mailscanner can't determine who a mail is being delivered to I guess it's >a moot point. > >Sadly this is a place where mailscanner shows its weakness vs other mail >filtering systems. Per-user end user configurable settings is still >somewhat messy to implement with mailscanner. > > This is exactly what the commercial product SMGateway gives you. I strongly advise that you try out SMGateway as you will find its web interface does what you need. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Mon Mar 7 09:08:42 2005 From: dh at UPTIME.AT ([UTF-8] David Höhn) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | | | How about a SpamAssassin plugin for CRM114? They already have the | architecture in place, and it would create far less work for me! | ~From my point of view I do not care where it interfaces with MailScanner. on the Spamassassin or ther mailScanner level. it really depends how well that plugin architecture is done, I have never needed to look at it. I will now. Thank you - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCLBoaPMoaMn4kKR4RA4HiAJ4vOtiTSJrDiOqnUCgzOyOTXST++ACgnave qD4vLTH0ApCQCqBbm3fgrcU= =/o9f -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:12:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: Keon depends on size as well as volume. But running FreeBSD 4.10 on my scanner with softupdates (sort of journaling) on the filesystem and no other optimisation (ie no ram disk for the MS work areas etc) I top out around 5000 mesgs an hour with a 2.8GHz PIV, 1.5GB DDR and 80GB SATA drive. I'm using two virus scanners, SA with lots of the SARE extra rules, two RBL's and all the URI-RBLs. YMMV! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 09:21:28 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: OT postfix question Message-ID: Isn't this due to the (sometimes unfortunate) append_at_myorigin and perhaps append_dot_mydomain? Look at "man 5 postconf" Pete... These can have some real fun implications, especially in a situation where you have no local delivery at all (as I assume this to be). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall > Sent: den 5 mars 2005 10:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT postfix question > > > Pete Russell wrote: > > > NOthing specified in Sending sectionof main.cf > > Try specifying 'myorigin = $mydomain' (Without the quotes!), reload > Postfix and see what you get. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:29:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Julian, Is there anyway of running the ClamAV command-line with the --unrar option set correctly if the new UNRAR option is set in MailScanner.conf? An update for all those running Clam and following the RAR thread. I caught two RAR viruses over the w/end, Sophos also picked them up. But I am running clam with the wrapper modified to include the rar support for the command line scanner...which may or may not have made a difference. edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is set.. ScanOptions="--unrar=/usr/local/bin/unrar" Obviously you'll need to adjust paths where needed Here's what I caught.. Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR SophosSAVI: 075466.rar was infected by Troj/BagleDl-M So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 and my Sophos is 3.91.0. Right off to try the 4.40.2 Julian put out over the w/end... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Mon Mar 7 09:30:04 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: How about the problem of multiple subject lines in the headers? -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 06 March 2005 16:42 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outstanding feature/fix requests? Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 09:34:03 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IDEAL: Heaps of RAM and 2 CPUs and scssi disk. R LESS IDEAL: I did twice this volume on a 2.4ghz PC for the past 2weeks, using sa, ms and postfix and 2 virus scanners. But if we had any increase in load, like a big virus outbreak then we would ahve been in BIG trouble. If you have easy access to budget then always spec for worst case scenario, so when you get the big outbreak you are totally covered. Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > . > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:36:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: David good one.. I guess MS would have to scan for first (or last!!) Subject: header with non-whitespace content in it... rather than looking for 'blank' subjects??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David While wrote: > How about the problem of multiple subject lines in the headers? > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 06 March 2005 16:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Outstanding feature/fix requests? > > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Mar 7 09:42:17 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: I will start with what I have learned from this maillist when I asked the same question about 4 months ago. I will leave the more subtle details to the real experts on this list. Two slightly smaller boxes instead of a biggist one to do load shaing and have a failover system if problems occur. Great to for upgrades, etc. Mail flow continues on the 2nd box when you take the 1st off line. Round robin DNS is great. We have two identical boxes, getting a load average rarely >1 with approx 40k mesages a day in total (probably 30k in 8 hours in day time) with MS, SA and 2 anti-virus: P4, 2.8 GHz 1 GB RAM 32GB HD Nothing beefy, but does the job very well. Sylvain =========================================================== Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Clinical School Information Management Services Unit (IMSU) Medical Sciences Division University of Oxford | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== >>> kte@NEXIS.BE 07/03/2005 09:04:15 >>> If I get about 10000 mails /day in about 8 hours. What kind of machine do I need I i turn mailscanner + spamassassin + 3 antivirus programs? Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:47:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, it is quite possible for me to extract the path of the unrar program if it is set. But it will take several commands to do it each time in the clamav-wrapper. Which is going to be slow. The last thing I want to do is make the clamav-wrapper self-modifying :-) I could set the unrar command path by default in the MailScanner.conf. Then MailScanner would spit out warnings about not being able to find it and they would then have to either install it separately or disable the setting in MailScanner.conf. But I don't like the idea of a setup that warns about things by default. It is very untidy. I don't *think* I do this now. Martin Hepworth wrote: > Julian, > > Is there anyway of running the ClamAV command-line with the --unrar > option set correctly if the new UNRAR option is set in MailScanner.conf? > > > > An update for all those running Clam and following the RAR thread. > > I caught two RAR viruses over the w/end, Sophos also picked them up. But > I am running clam with the wrapper modified to include the rar support > for the command line scanner...which may or may not have made a > difference. > > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > set.. > > ScanOptions="--unrar=/usr/local/bin/unrar" > > Obviously you'll need to adjust paths where needed > > Here's what I caught.. > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > > > So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 > and my Sophos is 3.91.0. > > Right off to try the 4.40.2 Julian put out over the w/end... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >
/>********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom > they >
are addressed. If you have received this email in error please > notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
/>********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:52:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good point. The only problem with that is that it is an MTA-dependent feature, so I've got to change all the relevant functions for each MTA separately :-( And also, what should be returned from the test to see if a header starts with a given value, when one of the subject lines has the text and the other one doesn't? David While wrote: >How about the problem of multiple subject lines in the headers? >-------------------------------------------- >David While BSc CEng MBCS CITP >Department of Computing & Information >University of Central England >Tel: 0121 331 6211 >-------------------------------------------- > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: 06 March 2005 16:42 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Outstanding feature/fix requests? > >Other than a minor cosmetic one I can't reproduce, I don't think I have >any outstanding requests for fixes. > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Mar 7 09:48:16 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: Hi all, Julian Field wrote: > How about a SpamAssassin plugin for CRM114? They already have the > architecture in place, and it would create far less work for me! I looked into this and found a sample CRM114 plugin for SpamAssassin (written by Eugene Morozov). But I'm seeing three issues with pluging CRM114 into SpamAssassin: 1. AFAIK it is not possible to return multiple scores based on the CRM114 rating (such as 10% SPAM, .., 40% SPAM). CRM114 has its own threshold and can't be influenced by the command line. 2. You cannot modify the mail headers from a SpamAssassin plugin (okay, it works but it is _very_ scary). 3. You can't get rid of SpamAssassin - and I like getting rid of it because it uses much RAM and DSPAM (and partly CRM114) are faster and more accurate after some training. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Mon Mar 7 09:56:52 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: The point Sylvain makes about having multiple mail relays to provide reliability through redundancy cannot be emphasised enough. The load sharing and failover is simply done using equal value DNS MX records and round-robin. You do even better if the machines can be distrbuted around different buildings. And of course this architecture allows you to take down one machine to update OS/applications without impacting the service. You should also use RAID 1 (mirroring) on your disks; again this provides reliability through redundancy. The cost of the extra disk(s) is almost marginal. If you can have dual SCSI controllers then so much the better. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sylvain Phaneuf >Sent: 07 March 2005 09:42 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sizing machine for mailscanner > >I will start with what I have learned from this maillist when I asked >the same question about 4 months ago. I will leave the more subtle >details to the real experts on this list. > >Two slightly smaller boxes instead of a biggist one to do load shaing >and have a failover system if problems occur. Great to for upgrades, >etc. Mail flow continues on the 2nd box when you take the 1st off line. >Round robin DNS is great. > >We have two identical boxes, getting a load average rarely >1 with >approx 40k mesages a day in total (probably 30k in 8 hours in day time) >with MS, SA and 2 anti-virus: > >P4, 2.8 GHz >1 GB RAM >32GB HD > >Nothing beefy, but does the job very well. > >Sylvain > > >=========================================================== >Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 >Clinical School Information Management Services Unit (IMSU) >Medical Sciences Division >University of Oxford | email : >sylvain.phaneuf@imsu.ox.ac.uk >Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 >Oxford OX3 9DU England >=========================================================== > >>>> kte@NEXIS.BE 07/03/2005 09:04:15 >>> >If I get about 10000 mails /day in about 8 hours. What kind of machine >do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > >Thanks Koen > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 10:03:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Julian Perhaps a comment in the MailScanner.conf at the same place at new unrar option could be useful as a first shot? Or are the two options mutually exclusive - ie if you put in in one place you don't need the other? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Yes, it is quite possible for me to extract the path of the unrar > program if it is set. But it will take several commands to do it each > time in the clamav-wrapper. Which is going to be slow. The last thing I > want to do is make the clamav-wrapper self-modifying :-) > > I could set the unrar command path by default in the MailScanner.conf. > Then MailScanner would spit out warnings about not being able to find it > and they would then have to either install it separately or disable the > setting in MailScanner.conf. > > But I don't like the idea of a setup that warns about things by default. > It is very untidy. I don't *think* I do this now. > > Martin Hepworth wrote: > >> Julian, >> >> Is there anyway of running the ClamAV command-line with the --unrar >> option set correctly if the new UNRAR option is set in MailScanner.conf? >> >> >> >> An update for all those running Clam and following the RAR thread. >> >> I caught two RAR viruses over the w/end, Sophos also picked them up. But >> I am running clam with the wrapper modified to include the rar support >> for the command line scanner...which may or may not have made a >> difference. >> >> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >> set.. >> >> ScanOptions="--unrar=/usr/local/bin/unrar" >> >> Obviously you'll need to adjust paths where needed >> >> Here's what I caught.. >> >> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >> >> >> So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 >> and my Sophos is 3.91.0. >> >> Right off to try the 4.40.2 Julian put out over the w/end... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>
> />********************************************************************** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom >> they >>
are addressed. If you have received this email in error please >> notify >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be clean. >>
>>
> />********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 10:04:36 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: Vicious Circle Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich > Sent: den 5 mars 2005 18:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Vicious Circle > (snip) > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. I think you have a "fault" in your reasoning here. The responsibility (and thus requirement to produce bounces) for a message is not yours until after you've accepted the message. So if you do, as many here have already recommended, reject (with a 550) any unknown recipients/domains, then the resposibility to generate a NDN/NDR would still be _the sending MTAs problem, not yours_. So there really is no reason for you to avoid this strategy, there is little -> no risk that "valid but misspelled" messages would disapear... Anyway... That would be THEIR problem, not yours;). Spammers don't seem to use real MTAs so this strategy is pretty effective in reducing spam volume, and it effectively removes the risk that you would be used for generating "backwash" or NDN-spamming. -- Glenn > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich > Systems Administrator > http://www.tls.net > Get rid of Unwanted Emails...get TLS Spam Blocker! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 10:13:05 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahhhhhh this is exactly the issue. I have added this parm to my main.cf and all is well. Previously i added MAILTO="" to the top fo the crontab file to stop cron sending mails, but nice to ahve it actually fixed. Thanks Pete Steen, Glenn wrote: > Isn't this due to the (sometimes unfortunate) append_at_myorigin > and perhaps append_dot_mydomain? > Look at "man 5 postconf" Pete... > > These can have some real fun implications, especially in a situation > where you have no local delivery at all (as I assume this to be). > > -- Glenn > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall >>Sent: den 5 mars 2005 10:47 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: OT postfix question >> >> >>Pete Russell wrote: >> >> >>>NOthing specified in Sending sectionof main.cf >> >>Try specifying 'myorigin = $mydomain' (Without the quotes!), reload >>Postfix and see what you get. >> >>Drew >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 10:36:53 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > set.. > > ScanOptions="--unrar=/usr/local/bin/unrar" Isn't it better to use one of these lines instead? #ExtraScanOptions="$ExtraScanOptions --unrar" #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 10:34:24 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > And also, what should be returned from the test to see if a header > starts with a given value, when one of the subject lines has the text > and the other one doesn't? > > David While wrote: > >> How about the problem of multiple subject lines in the headers? Isn't it safest to just modify all subject lines found? Who knows which one different MUA:s will show? So far I have only seen two subject lines, never more and they have the same content but only one of them is modified by MS. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 10:41:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Peter could well be - I'll make the change and try it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Bonivart wrote: > Martin Hepworth wrote: > >> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >> set.. >> >> ScanOptions="--unrar=/usr/local/bin/unrar" > > > Isn't it better to use one of these lines instead? > > #ExtraScanOptions="$ExtraScanOptions --unrar" > #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 10:44:50 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:51 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rakesh > Sent: Saturday, March 05, 2005 1:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Rick, > > Have you tried this with Clamav versions > 0.82 ?. I tried to do the > same thing and tried to pass some extra parameters from the > clamav-wrapper of MailScanner. But it seems that the recent releases of > clamav like to be instructed only from the conf file and it started > showing warings in the maillog. As I recall clamscan will attempt to use it's internal unrar first and (if --unrar= is set) if it fails it uses the one passed to it. I just tried that with 0.83 and that is just what it does. Note the first line after the clamscan command. [rcooper@srv2 tmp]$ clamscan --unrar=/usr/bin/unrar Test.rar /tmp/Test.rar: RAR module failure RAR 3.41 Copyright (c) 1993-2004 Alexander Roshal 2 Nov 2004 Registered to Rick Cooper Extracting from /tmp/Test.rar Extracting FreeBSD.html OK Extracting docs.html OK Extracting index.html OK Extracting index.new.html OK Extracting phishing.html OK Extracting presentations.html OK Extracting press.html OK Extracting pressreleases.html OK Extracting reject.html OK Extracting sobig.html OK Extracting support.html OK All OK > > Also Clamav seems to be using the unrarlib library > (http://www.unrarlib.org/faq.html) for its support to RAR archives. But > the website of its library claims that support for RAR3 is not currently > scheduled (it doesnt seem to be under any active development anymore) > and is hoping for some one to contribute the support. Also currently > there is not Perl module that is based on unrarlib. The only available I > came across was Archive::Rar and that too needs the unrar command to be > installed on your system. There is no RAR3 library because of some licensing issue. ClamAV could use the 3+ version but there is some language within the library that would cause issue. The ClamAV maintainers have said (say in every version of the docs and api) they will never include 3.+ support. This would be the reason, I would think, that Archive::Rar would need the external rar. The "RAR module failure" error from clam is specifically the result of 3.+ Rars (from looking at the source) which is why that error has been won't show up in the MailScanner log anymore. Rick > > I am looking at building RAR archive support in MailScanner, but that > definitely involves a lot of work, like first building RAR3 support in > unrarlib, then creating a Perl module from unrarlib and then build the > support in MailScanner itself. > > Rakesh > > Rick Cooper wrote: > > >It's important to note that ClamAV only supports RAR v2, so the > answer is: > > > > Uncomment the ScanRar line in the config file > > > >but pass the --unrar[=FULLPATH] option (and of course have the > latest unrar) > >if you really want to handle rar files because v2 is quite old and not > >likely to be used much anymore. If you are using clamavmodule then you > >cannot use the external unrar (which is why I patch my MS versions with > >specific unrar code/function every release). > > > > > > > -- > > regards, > Rakesh B. Pal, > Project Leader, > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ================================================== > I came, I saw, I conquered > ================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 11:05:41 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Peter > > could well be - I'll make the change and try it.. Just to clarify, I didn't mean better as in function but as in form. They should do the same thing but Kevin added those lines so we easily could enable needed functions. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Mar 7 11:08:51 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:51 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Fri, 4 Mar 2005, David Lee wrote: > [...] > We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has > found that this seems to be an error within its tests (i.e. Mail::ClamAV > itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he > gave me, I derived the following patch. > [...] On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these issues, and he has released version 0.16 over the weekend. This seems to have fixed most of the failures in the test suite, but it a separate set of residual failures at the end, related to the "scanbuff" interface onto ClamAV itself. I understand from the "clamav-devel" list that this interface is deprecated (scheduled for removal at ClamAV 0.90). From james at GRAYONLINE.ID.AU Mon Mar 7 11:05:37 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Mar 2005 08:04 pm, Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen I set up a charity organisation recently with Linux (Debian Woody), MailScanner, SpamAssassin 3.0.2 and ClamAV 0.83 on a Celeron 400 with 512MB RAM and a single 40GB ATA66 drive[1]. They are handling a similar load to what you describe at a rate of about 4sec/message. System load hovers around 0.4-0.6 when a steady stream of mail arrives. TO squeeze some speed out of this box, I set up a caching-only name server on the same network and the MailScanner work directory is a RAM drive (128MB). Other stuff I did to tweak things a little was compile a customised kernel (for i686) and pretty much ripped out every service and package not essential for a mail server - it's even running ssh via inetd (slow to connect but fine once you're on). Additional virus scanners don't seem to slow things down much in MailScanner (I increased the mail gateway at work from McAfee only to McAfee+ClamAV+Sophos+BitDefender and the increase in load and message processing time was zero); the bottleneck is all the RBL's in SA3 and the handling of large messages in SA3 - hence the caching name server. MailScanner and the virus scanners are pretty quick. The charity's mail gateway is running MailScanner with only 2 children too as that's about all I could spare with the RAM drive. 3 children went awfully close to filling physical RAM and I didn't want the box to start paging with only a single (ATA - bleh) drive. Paging kills performance. Obviously this set up is a corner case and wont scale but it shows what can be achieved with very "old" technology with some sensible selections and lean configuration. HTH, James [1] It was the box with the most grunt available - even then I pilfered RAM from a desktop machine or two :P ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:12:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done. It will keep the 1st Subject: header and discard all following ones. Choosing which to keep is an arbitrary decision, and keeping the 1st was easier to implement :-) Julian Field wrote: > Good point. The only problem with that is that it is an MTA-dependent > feature, so I've got to change all the relevant functions for each MTA > separately :-( > > And also, what should be returned from the test to see if a header > starts with a given value, when one of the subject lines has the text > and the other one doesn't? > > David While wrote: > >> How about the problem of multiple subject lines in the headers? >> -------------------------------------------- >> David While BSc CEng MBCS CITP >> Department of Computing & Information >> University of Central England >> Tel: 0121 331 6211 >> -------------------------------------------- >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 06 March 2005 16:42 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Outstanding feature/fix requests? >> >> Other than a minor cosmetic one I can't reproduce, I don't think I have >> any outstanding requests for fixes. >> >> Does anyone know of any fixes or features they would like to see, that I >> haven't yet done? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 11:21:51 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Monday, March 07, 2005 4:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamav and RAR..(update and feature request) > > > Yes, it is quite possible for me to extract the path of the unrar > program if it is set. But it will take several commands to do it each > time in the clamav-wrapper. Which is going to be slow. The last thing I > want to do is make the clamav-wrapper self-modifying :-) > > I could set the unrar command path by default in the MailScanner.conf. > Then MailScanner would spit out warnings about not being able to find it > and they would then have to either install it separately or disable the > setting in MailScanner.conf. > > But I don't like the idea of a setup that warns about things by default. > It is very untidy. I don't *think* I do this now. How about something like: # # Virus scanner definitions table # my $ClamOptions = '-r --disable-summary --stdout'; $ClamOptions = '-r --unrar='.MailScanner::Config::Value('unrarcommand').' --disable-summary --stdout' if MailScanner::Config::Value('unrarcommand') && (-e MailScanner::Config::Value('unrarcommand')); then "clamav" => { Name => 'ClamAV', Lock => 'ClamAVBusy.lock', CommonOptions => $ClamOptions, DisinfectOptions => '', ScanOptions => '', InitParser => \&InitClamAVParser, ProcessOutput => \&ProcessClamAVOutput, SupportScanning => $S_SUPPORTED, SupportDisinfect => $S_NONE, }, Would this not get the external rar into the clamav wrapper, only if they have declared the path to unrar and the file actually exists? Rick > > Martin Hepworth wrote: > > > Julian, > > > > Is there anyway of running the ClamAV command-line with the --unrar > > option set correctly if the new UNRAR option is set in MailScanner.conf? > > > > > > > > An update for all those running Clam and following the RAR thread. > > > > I caught two RAR viruses over the w/end, Sophos also picked them up. But > > I am running clam with the wrapper modified to include the rar support > > for the command line scanner...which may or may not have made a > > difference. > > > > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > > set.. > > > > ScanOptions="--unrar=/usr/local/bin/unrar" > > > > Obviously you'll need to adjust paths where needed > > > > Here's what I caught.. > > > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > > > > > > So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 > > and my Sophos is 3.91.0. > > > > Right off to try the 4.40.2 Julian put out over the w/end... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >
> />********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > > they > >
are addressed. If you have received this email in error please > > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
> />********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:48:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Monday, March 07, 2005 4:48 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: clamav and RAR..(update and feature request) >> >> >>Yes, it is quite possible for me to extract the path of the unrar >>program if it is set. But it will take several commands to do it each >>time in the clamav-wrapper. Which is going to be slow. The last thing I >>want to do is make the clamav-wrapper self-modifying :-) >> >>I could set the unrar command path by default in the MailScanner.conf. >>Then MailScanner would spit out warnings about not being able to find it >>and they would then have to either install it separately or disable the >>setting in MailScanner.conf. >> >>But I don't like the idea of a setup that warns about things by default. >>It is very untidy. I don't *think* I do this now. >> >> > >How about something like: > ># ># Virus scanner definitions table ># >my $ClamOptions = '-r --disable-summary --stdout'; >$ClamOptions = >'-r --unrar='.MailScanner::Config::Value('unrarcommand').' --disable-summary > --stdout' > if MailScanner::Config::Value('unrarcommand') && (-e >MailScanner::Config::Value('unrarcommand')); > >then > > "clamav" => { > Name => 'ClamAV', > Lock => 'ClamAVBusy.lock', > CommonOptions => $ClamOptions, > DisinfectOptions => '', > ScanOptions => '', > InitParser => \&InitClamAVParser, > ProcessOutput => \&ProcessClamAVOutput, > SupportScanning => $S_SUPPORTED, > SupportDisinfect => $S_NONE, > }, > >Would this not get the external rar into the clamav wrapper, only if they >have declared the path to unrar and the file actually exists? > > Unfortunately the hash is set up at "use" time, before any code is executed. So I can't call Config::Value in there. I will need to insert in at run-time. Should be fairly easy to do. >Rick > > > >>Martin Hepworth wrote: >> >> >> >>>Julian, >>> >>>Is there anyway of running the ClamAV command-line with the --unrar >>>option set correctly if the new UNRAR option is set in MailScanner.conf? >>> >>> >>> >>>An update for all those running Clam and following the RAR thread. >>> >>>I caught two RAR viruses over the w/end, Sophos also picked them up. But >>>I am running clam with the wrapper modified to include the rar support >>>for the command line scanner...which may or may not have made a >>>difference. >>> >>>edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >>>set.. >>> >>>ScanOptions="--unrar=/usr/local/bin/unrar" >>> >>>Obviously you'll need to adjust paths where needed >>> >>>Here's what I caught.. >>> >>>Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >>> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >>> >>> >>>So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 >>>and my Sophos is 3.91.0. >>> >>>Right off to try the 4.40.2 Julian put out over the w/end... >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>>
>>/>********************************************************************** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom >>>they >>>
are addressed. If you have received this email in error please >>>notify >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be clean. >>>
>>>
>>/>********************************************************************** >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:58:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done. If the unrar command exists and the "unrar command" option is set to point to it correctly, it will automatically be used by the "clamav" scanner. Julian Field wrote: > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Julian Field >>> Sent: Monday, March 07, 2005 4:48 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: clamav and RAR..(update and feature request) >>> >>> >>> Yes, it is quite possible for me to extract the path of the unrar >>> program if it is set. But it will take several commands to do it each >>> time in the clamav-wrapper. Which is going to be slow. The last thing I >>> want to do is make the clamav-wrapper self-modifying :-) >>> >>> I could set the unrar command path by default in the MailScanner.conf. >>> Then MailScanner would spit out warnings about not being able to >>> find it >>> and they would then have to either install it separately or disable the >>> setting in MailScanner.conf. >>> >>> But I don't like the idea of a setup that warns about things by >>> default. >>> It is very untidy. I don't *think* I do this now. >>> >>> >> >> How about something like: >> >> # >> # Virus scanner definitions table >> # >> my $ClamOptions = '-r --disable-summary --stdout'; >> $ClamOptions = >> '-r --unrar='.MailScanner::Config::Value('unrarcommand').' >> --disable-summary >> --stdout' >> if MailScanner::Config::Value('unrarcommand') && (-e >> MailScanner::Config::Value('unrarcommand')); >> >> then >> >> "clamav" => { >> Name => 'ClamAV', >> Lock => 'ClamAVBusy.lock', >> CommonOptions => $ClamOptions, >> DisinfectOptions => '', >> ScanOptions => '', >> InitParser => \&InitClamAVParser, >> ProcessOutput => \&ProcessClamAVOutput, >> SupportScanning => $S_SUPPORTED, >> SupportDisinfect => $S_NONE, >> }, >> >> Would this not get the external rar into the clamav wrapper, only if >> they >> have declared the path to unrar and the file actually exists? >> >> > Unfortunately the hash is set up at "use" time, before any code is > executed. So I can't call Config::Value in there. > I will need to insert in at run-time. Should be fairly easy to do. > >> Rick >> >> >> >>> Martin Hepworth wrote: >>> >>> >>> >>>> Julian, >>>> >>>> Is there anyway of running the ClamAV command-line with the --unrar >>>> option set correctly if the new UNRAR option is set in >>>> MailScanner.conf? >>>> >>>> >>>> >>>> An update for all those running Clam and following the RAR thread. >>>> >>>> I caught two RAR viruses over the w/end, Sophos also picked them >>>> up. But >>>> I am running clam with the wrapper modified to include the rar support >>>> for the command line scanner...which may or may not have made a >>>> difference. >>>> >>>> edit /opt/MailScanner/lib/clamav-wrapper and make sure the >>>> following is >>>> set.. >>>> >>>> ScanOptions="--unrar=/usr/local/bin/unrar" >>>> >>>> Obviously you'll need to adjust paths where needed >>>> >>>> Here's what I caught.. >>>> >>>> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >>>> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >>>> >>>> >>>> So make sure you're AV packages can handle RAR types. My ClamAV is >>>> 0.83 >>>> and my Sophos is 3.91.0. >>>> >>>> Right off to try the 4.40.2 Julian put out over the w/end... >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>>
>>> />********************************************************************** >>>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>> and >>>>
intended solely for the use of the individual or entity to whom >>>> they >>>>
are addressed. If you have received this email in error please >>>> notify >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>> clean. >>>>
>>>>
>>> />********************************************************************** >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> MailScanner thanks transtec Computers for their support >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> >>> >>> >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Patrick.Zerbin at SYLVANIA-LIGHTING.COM Mon Mar 7 11:54:47 2005 From: Patrick.Zerbin at SYLVANIA-LIGHTING.COM (Patrick Zerbin) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Sunday, March 06, 2005 5:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Outstanding feature/fix requests? > > > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > Hi! A feature like exclude file extensions when the are zipped i.e. strip all .exe files if they are attached directly but let them pass if they are in a .zip, .rar etc. I would prefer a allow rule where you have to set all allowed file extensions and if nothing is configured than the normal behavior should match. Optionally: It would be really nice if you can set this up per sender or/and receiver email address. Patrick. -- Patrick Zerbin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 11:59:10 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mine still fails at make on RHEL4 Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. Can't locate Mail/ClamAV.pm in @INC (@INC contains: /root/.cpan/build/Mail-ClamAV-0.16/blib/arch /root/.cpan/build/Mail-ClamAV-0.16/blib/lib /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 make: *** Waiting for unfinished jobs.... cp ClamAV.pm blib/lib/Mail/ClamAV.pm /usr/bin/make -j3 -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of David Lee >>Sent: Monday, March 07, 2005 6:09 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat >>Enterprise 4] >> >> >>On Fri, 4 Mar 2005, David Lee wrote: >> >> >>>[...] >>>We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has >>>found that this seems to be an error within its tests (i.e. Mail::ClamAV >>>itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he >>>gave me, I derived the following patch. >>>[...] >> >>On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these >>issues, and he has released version 0.16 over the weekend. This seems to >>have fixed most of the failures in the test suite, but it a separate set >>of residual failures at the end, related to the "scanbuff" interface onto >>ClamAV itself. I understand from the "clamav-devel" list that this >>interface is deprecated (scheduled for removal at ClamAV 0.90). >> >>From the MailScanner perspective, I think the experience of people on this >>list with Mail::ClamAV 0.14 is that none of these failures in that >>module's test suite is important. I've just installed 0.16 and that, too, >>seems fine. >> >>I've also written to the author again suggesting that he might simply >>remove his "scanbuff" tests. > > > What is truly funny about this is the fact that the author's own docs > suggest you not use the scanbuff interface, and quotes the maintainers as to > why > > I also noted that he fixed (he just added CL_SCAN_STDOPT to cover the bases) > everything except the scanbuff. But looking at the change log I also note > that other tests passed on his system "for some reason". If you look at his > test code it is doomed to failure anyway because the API docs clearly state > the buffer must be unpacked, de-mimed, completely processed before passing > it to cl_scanbuiff and he is passing it a .zip file... so I really wonder > how it passes on his system? > > Rick > > > >>-- >> >>: David Lee I.T. Service : >>: Senior Systems Programmer Computer Centre : >>: University of Durham : >>: http://www.dur.ac.uk/t.d.lee/ South Road : >>: Durham : >>: Phone: +44 191 334 2752 U.K. : >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 12:26:09 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would it be possible to have a feature where we can block mail base don the number of recipients? We use an MS server to filter all outbound mail and we have a lot of public users, i noticed one today send an email with a Subject of Autopost4 to 150 odd recipients. The boss says he would like to limit this, if it were possible? Pete Patrick Zerbin wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 06, 2005 5:42 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Outstanding feature/fix requests? >> >> >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> > > Hi! > > A feature like exclude file extensions when the are zipped i.e. strip all > .exe > files if they are attached directly but let them pass if they are in a .zip, > .rar etc. > I would prefer a allow rule where you have to set all allowed file > extensions and > if nothing is configured than the normal behavior should match. > Optionally: > It would be really nice if you can set this up per sender or/and receiver > email address. > > Patrick. > > -- > Patrick Zerbin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Mon Mar 7 12:28:27 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Pete Russell wrote: | Would it be possible to have a feature where we can block mail base don | the number of recipients? | Your MTA will/should be able to do this. - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCLEjrPMoaMn4kKR4RA7eoAJwMcUc1sXf/M79YNo1z0uBqzpB6FwCdEbBT dP7YqYRfVwPUZlUt1bhwrxw= =WfE5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 12:48:00 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Pete Russell > Sent: Monday, March 07, 2005 7:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > > Would it be possible to have a feature where we can block mail base don > the number of recipients? > > We use an MS server to filter all outbound mail and we have a lot of > public users, i noticed one today send an email with a Subject of > Autopost4 to 150 odd recipients. The boss says he would like to limit > this, if it were possible? > > Pete I do that at the MTA level now, I log at 10 or more and log/block above 20. Now there is an exception list for BDC personell that send certain reminders and other customer related information to customer lists that have requested it from the dealerships or from Ford Mo. Now that is using Exim, but I would assume any MTA could do it. Rick > > Patrick Zerbin wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Julian Field > >>Sent: Sunday, March 06, 2005 5:42 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Outstanding feature/fix requests? > >> > >> > >>Other than a minor cosmetic one I can't reproduce, I don't think I have > >>any outstanding requests for fixes. > >> > >>Does anyone know of any fixes or features they would like to see, that I > >>haven't yet done? > >> > > > > Hi! > > > > A feature like exclude file extensions when the are zipped i.e. > strip all > > .exe > > files if they are attached directly but let them pass if they > are in a .zip, > > .rar etc. > > I would prefer a allow rule where you have to set all allowed file > > extensions and > > if nothing is configured than the normal behavior should match. > > Optionally: > > It would be really nice if you can set this up per sender > or/and receiver > > email address. > > > > Patrick. > > > > -- > > Patrick Zerbin > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 12:43:29 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Patrick Zerbin > Sent: Monday, March 07, 2005 6:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Julian Field > > Sent: Sunday, March 06, 2005 5:42 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Outstanding feature/fix requests? > > > > > > Other than a minor cosmetic one I can't reproduce, I don't think I have > > any outstanding requests for fixes. > > > > Does anyone know of any fixes or features they would like to see, that I > > haven't yet done? > > > Hi! > > A feature like exclude file extensions when the are zipped i.e. strip all > .exe > files if they are attached directly but let them pass if they are > in a .zip, > .rar etc. > I would prefer a allow rule where you have to set all allowed file > extensions and > if nothing is configured than the normal behavior should match. > Optionally: > It would be really nice if you can set this up per sender or/and receiver > email address. > > I can post a couple of patches that allow this, uses a second config option, and a second value/rule set for the filename and type rules. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Mar 7 12:59:38 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Mon, 7 Mar 2005, Pete Russell wrote: > Mine still fails at make on RHEL4 > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 > blib/arch > Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.16/blib/arch > /root/.cpan/build/Mail-ClamAV-0.16/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > [...] Whereas the earlier parts of this thread were about Mail::ClamAV failing the "make test" stage (i.e. relatively late), this problem is way before it gets that far. Some of what follows might be obvious, but I'm including it "just in case". The Mail::ClamAV module is simply a thin wrapper onto your existing "clamav" software. The build procedure for this module probably cannot find your installation of it. Quick test: Do something like "clamav-config --cflags" which, on a working system, would echo back the "CFLAGS" necessary for things that want to interface with the clamav software. It's my guess that on your system you'll get "Command not found" or similar. Find out where the clamav software is located on your particular system. Set the PATH to include that location's bin directory. Verify that "clamav-config --cflags" now does work, returning typical CFLAGS-like things. Now, with that PATH set up, re-try the build. This should work (although may later fail at the "make test" stage) as discussed previously on this thread. To see the gory details, cd to its build directory (if from CPAN, probably something like ".cpan/build/Mail-ClamAV-0.16"). Do "make clean", to get a clean start, then "perl Makefile.PL" then "make". Et cetera. (If you peek inside "Makefile.PL", you'll see stuff relating to the "clamav-config --cflags" discussed above.) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 12:50:35 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Hi! On two boxen, I constantly have mails which are, apparingly, damaged by MailScanner so that postfix, after picking them up again, quarantines them into its "corrupt"-folder. When I `postcat` such a damaged mail, I invariably see the same pattern, which I think is best explained by an example: .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. message_size: 9158 317 2 0 message_arrival_time: Mon Nov 15 22:28:40 2004 sender: sender@domain named_attribute: client_name=mail.gmx.de named_attribute: client_address=213.165.64.20 named_attribute: message_origin=mail.gmx.de[213.165.64.20] named_attribute: helo_name=mail.gmx.net named_attribute: protocol_name=SMTP warning_message_time: Tue Nov 16 02:28:40 2004 original_recipient: user@domain recipient: user@domain *** MESSAGE CONTENTS 4C80A7375E *** Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) ... message_size: 0 0 0 0 message_arrival_time: Mon Nov 15 22:28:40 2004 sender: sender@domain named_attribute: client_name=mail.gmx.de named_attribute: client_address=213.165.64.20 named_attribute: message_origin=mail.gmx.de[213.165.64.20] original_recipient: user@domain recipient: user@domain *** MESSAGE CONTENTS 4C80A7375E *** Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) ... X-host-MailScanner: Did not find any virus X-host-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) X-MailScanner-From: sender@domain .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. So, the pattern is postfix-headers *** MESSAGE CONTENTS queue-id *** normal mail-headers postfix-headers *** MESSAGE CONTENTS queue-id *** normail mail-headers mail content MailScanner-headers mail-contents again Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see this happening on another box, which runs 4.37.7-1/2.1.5-5, but on sun4u instead of i386. Any hints? The only thing I could google up was filesystem corruption, which I'm pretty sure I can rule out here. Judging from the position of the MailScanner headers, I'd guess it's MailScanner screwing up somehow, but since I don't know, I ask ;) cheers+TIA, &rw -- -- A sendmail / by any other name -- Would still / HELO just.as.swe.et -- - Greg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Mon Mar 7 13:01:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: clamav and RAR..(update and feature request) Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 7 mars 2005 10:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: clamav and RAR..(update and feature request) > (snip) > I caught two RAR viruses over the w/end, Sophos also picked > them up. But (snip) > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M Isn't that just a ClamAV signature for the entire RAR file? We saw a few more than 2, the first couple or so found by mcafee and bitdefender, and after a while by that exact clam sig. I don't use any version 3 capable unrar, except what bdc and uvscan might be able to do (If any slip through, the second level filename checks get them... And those were quiet:). -- Glenn (who will need look into using the new unrar features:) (snip) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >
/>************************************************************ > ********** >
>
This email and any files transmitted with it are > confidential and >
intended solely for the use of the individual or entity > to whom they >
are addressed. If you have received this email in error > please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to > be clean. >
>
/>************************************************************ > ********** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 13:13:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robert Waldner > Sent: den 7 mars 2005 13:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Problem with MailScanner, postfix and corrupt mails > > > > Hi! > > On two boxen, I constantly have mails which are, apparingly, > damaged by > MailScanner so that postfix, after picking them up again, quarantines > them into its "corrupt"-folder. > > When I `postcat` such a damaged mail, I invariably see the same > pattern, which I think is best explained by an example: > > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > message_size: 9158 317 2 > 0 > message_arrival_time: Mon Nov 15 22:28:40 2004 > sender: sender@domain > named_attribute: client_name=mail.gmx.de > named_attribute: client_address=213.165.64.20 > named_attribute: message_origin=mail.gmx.de[213.165.64.20] > named_attribute: helo_name=mail.gmx.net > named_attribute: protocol_name=SMTP > warning_message_time: Tue Nov 16 02:28:40 2004 > original_recipient: user@domain > recipient: user@domain > *** MESSAGE CONTENTS 4C80A7375E *** > Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > ... > > > message_size: 0 0 0 > 0 > message_arrival_time: Mon Nov 15 22:28:40 2004 > sender: sender@domain > named_attribute: client_name=mail.gmx.de > named_attribute: client_address=213.165.64.20 > named_attribute: message_origin=mail.gmx.de[213.165.64.20] > original_recipient: user@domain > recipient: user@domain > *** MESSAGE CONTENTS 4C80A7375E *** > Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > ... > time> > > X-host-MailScanner: Did not find any virus > X-host-MailScanner-SpamCheck: not spam, > SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) > X-MailScanner-From: sender@domain > > > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > > So, the pattern is > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normal mail-headers > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normail mail-headers > mail content > MailScanner-headers > mail-contents again > > Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ > postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see > this happening on another box, which runs 4.37.7-1/2.1.5-5, but on > sun4u instead of i386. > > Any hints? The only thing I could google up was filesystem corruption, > which I'm pretty sure I can rule out here. Judging from the position > of the MailScanner headers, I'd guess it's MailScanner screwing up > somehow, but since I don't know, I ask ;) Hm, the only time I've seen corrupt messages is when I've experienced machine failures (had a "bad kernel" situation a while back that made those ... frequent:-)... Until today, when I had one "unforced". Didn't analyze it more than to see that it was a spam, so unfortunately I deleted it. Will be sure to look more closely on this. Could you determine anything more these corrupt queue files have in common? Oh and BTW, you do run a one queue setup, right? -- Glenn > > cheers+TIA, > &rw > -- > -- A sendmail / by any other name > -- Would still / HELO just.as.swe.et > -- - Greg > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Mon Mar 7 13:28:07 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >>Sent: den 5 mars 2005 18:10 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Vicious Circle >> > > (snip) > >>I am at a loss, the root of the issue is I have 100k messages a day, >>some just *might* be legitimate address misspellings, I can't drop all >>bounces. But the vast majority are trash. > > > I think you have a "fault" in your reasoning here. The responsibility > (and thus requirement to produce bounces) for a message is not yours > until after you've accepted the message. So if you do, as many here have > already recommended, reject (with a 550) any unknown recipients/domains, > then the resposibility to generate a NDN/NDR would still be _the sending > MTAs problem, not yours_. Ahh, I understand now, but if I reject with a 550, won't that cause my MailScanner box to then generate the bounce back to the original server? Foreign Server -> TLS-MailScanner -> TLS-Toaster How are others Using MailScanner in front of pop toasters handling this issue? It is looking as if moving the "User Check" to the MailScanner machine _is_ my one good option. Thanks, DAve > So there really is no reason for you to avoid this strategy, there is > little -> no risk that "valid but misspelled" messages would disapear... > Anyway... That would be THEIR problem, not yours;). > > Spammers don't seem to use real MTAs so this strategy is pretty > effective in reducing spam volume, and it effectively removes the > risk that you would be used for generating "backwash" or NDN-spamming. > -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 13:41:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: Dave Goodrich wrote: > Steen, Glenn wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >>> Sent: den 5 mars 2005 18:10 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Vicious Circle >>> >> >> (snip) >> >>> I am at a loss, the root of the issue is I have 100k messages a day, >>> some just *might* be legitimate address misspellings, I can't drop all >>> bounces. But the vast majority are trash. >> >> >> >> I think you have a "fault" in your reasoning here. The responsibility >> (and thus requirement to produce bounces) for a message is not yours >> until after you've accepted the message. So if you do, as many here have >> already recommended, reject (with a 550) any unknown recipients/domains, >> then the resposibility to generate a NDN/NDR would still be _the sending >> MTAs problem, not yours_. > > > Ahh, I understand now, but if I reject with a 550, won't that cause my > MailScanner box to then generate the bounce back to the original server? > > Foreign Server -> TLS-MailScanner -> TLS-Toaster > > How are others Using MailScanner in front of pop toasters handling this > issue? It is looking as if moving the "User Check" to the MailScanner > machine _is_ my one good option. > > Thanks, > > DAve > Dave not if you 550 reject on the inbound MTA. It never goes anywhere near MS, it simply drops the inbound connection with a "550 no such address". Any mistyped email address from a real user will get that message, ie they get a proper bounce message from their MTA. Any spam attempts from automated/trojaned machines will just ignore it and carry on to the next victim. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 13:31:39 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 14:13:23 +0100, "Steen, Glenn" writes: >Hm, the only time I've seen corrupt messages is when I've experienced >machine failures (had a "bad kernel" situation a while back that made >those ... frequent:-)... Until today, when I had one "unforced". Didn't >analyze it more than to see that it was a spam, so unfortunately I >deleted it. Will be sure to look more closely on this. I could believe filesystem trouble on one machine, but on two, running off HW RAID-1? Unlikely, especially since I probably would've seen other problems then, too. >Could you determine anything more these corrupt queue files have in >common? Other than the "structure" of the corruption, I couldn't find any similarities, happens to newsletters, locally originated stuff, personal mails from all over the world, spam. It hits 1-2 mails/day/ machine (which do about 10k/day each). >Oh and BTW, you do run a one queue setup, right? How do you mean "one queue setup"? I have postfix stuff the mails into postfix/hold, where MailScanner picks them up and then requeues them into postfix/incoming: Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Both directories reside on the same local partition. cheers, &rw -- -- Honestly, security experts don't pick on Microsoft because we have -- some fundamental dislike for the company. Indeed, Microsoft's poor -- products are one of the reasons we're in business. -- - Bruce Schneier ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Mon Mar 7 13:55:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have seen this once before on a client's system. I have never been able to reliably reproduce the problem, which makes it pretty much impossible to fix. Even exactly the same message would behave properly most of the time, but occasionally not. How big are your mail batches (as picked up by MailScanner)? What version of MailScanner are you running? ("MailScanner -v" please) Robert Waldner wrote: >Hi! > >On two boxen, I constantly have mails which are, apparingly, damaged by > MailScanner so that postfix, after picking them up again, quarantines > them into its "corrupt"-folder. > >When I `postcat` such a damaged mail, I invariably see the same > pattern, which I think is best explained by an example: > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. >message_size: 9158 317 2 0 >message_arrival_time: Mon Nov 15 22:28:40 2004 >sender: sender@domain >named_attribute: client_name=mail.gmx.de >named_attribute: client_address=213.165.64.20 >named_attribute: message_origin=mail.gmx.de[213.165.64.20] >named_attribute: helo_name=mail.gmx.net >named_attribute: protocol_name=SMTP >warning_message_time: Tue Nov 16 02:28:40 2004 >original_recipient: user@domain >recipient: user@domain >*** MESSAGE CONTENTS 4C80A7375E *** >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >... > > >message_size: 0 0 0 0 >message_arrival_time: Mon Nov 15 22:28:40 2004 >sender: sender@domain >named_attribute: client_name=mail.gmx.de >named_attribute: client_address=213.165.64.20 >named_attribute: message_origin=mail.gmx.de[213.165.64.20] >original_recipient: user@domain >recipient: user@domain >*** MESSAGE CONTENTS 4C80A7375E *** >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >... > time> > >X-host-MailScanner: Did not find any virus >X-host-MailScanner-SpamCheck: not spam, > SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) >X-MailScanner-From: sender@domain > > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > >So, the pattern is > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normal mail-headers > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normail mail-headers > mail content > MailScanner-headers > mail-contents again > >Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ > postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see > this happening on another box, which runs 4.37.7-1/2.1.5-5, but on > sun4u instead of i386. > >Any hints? The only thing I could google up was filesystem corruption, > which I'm pretty sure I can rule out here. Judging from the position > of the MailScanner headers, I'd guess it's MailScanner screwing up > somehow, but since I don't know, I ask ;) > >cheers+TIA, >&rw >-- >-- A sendmail / by any other name >-- Would still / HELO just.as.swe.et >-- - Greg > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Mon Mar 7 13:48:17 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner and score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have a problem. I set "score bayes_99" to 3.00 points. But it's not enought. I want to raise the score to 4 or maybe a bit more, but when I modify the config file, and restart MailScanner, nothing happens. I had tried some difrent score, but MailScanner countiues using 3.00 as the score for "bayes_99"... :-( Any idears? Looking forward to hear some solutions! :-) Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 13:54:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 7 mars 2005 14:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Vicious Circle > > > Dave Goodrich wrote: > > Steen, Glenn wrote: > > > >>> -----Original Message----- > >>> From: MailScanner mailing list > >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich > >>> Sent: den 5 mars 2005 18:10 > >>> To: MAILSCANNER@JISCMAIL.AC.UK > >>> Subject: Vicious Circle > >>> > >> > >> (snip) > >> > >>> I am at a loss, the root of the issue is I have 100k > messages a day, > >>> some just *might* be legitimate address misspellings, I > can't drop all > >>> bounces. But the vast majority are trash. > >> > >> > >> > >> I think you have a "fault" in your reasoning here. The > responsibility > >> (and thus requirement to produce bounces) for a message is > not yours > >> until after you've accepted the message. So if you do, as > many here have > >> already recommended, reject (with a 550) any unknown > recipients/domains, > >> then the resposibility to generate a NDN/NDR would still > be _the sending > >> MTAs problem, not yours_. > > > > > > Ahh, I understand now, but if I reject with a 550, won't > that cause my > > MailScanner box to then generate the bounce back to the > original server? > > > > Foreign Server -> TLS-MailScanner -> TLS-Toaster > > > > How are others Using MailScanner in front of pop toasters > handling this > > issue? It is looking as if moving the "User Check" to the > MailScanner > > machine _is_ my one good option. > > > > Thanks, > > > > DAve > > > > Dave > > not if you 550 reject on the inbound MTA. It never goes anywhere near > MS, it simply drops the inbound connection with a "550 no > such address". > > Any mistyped email address from a real user will get that message, ie > they get a proper bounce message from their MTA. > > Any spam attempts from automated/trojaned machines will just ignore it > and carry on to the next victim. Thanks Martin. Good, clear explanation. Adressing your question about "How to protect pop toasters"... Well, this is pretty much the same as protecting your M-Sexchange or Lotus or ... any-mail ... setup. And dropping false adresses at the MTA level on the ailScanner side is exactly what most do. Have a fun time with the FAQ (this has been covered extensively on the list to, so you might look through the archives), and setting things up. Someone please correct me if I'm wrong, but you