Email is HTML Disarmed - doesn't get sent afterwards
Greg Krzeszkowski
gregk at infosecsolutions.com.au
Tue Mar 15 00:16:51 GMT 2005
Hi,
Some weird behaviour (or at least it looks weird to me). We have an external company that creates our mailouts (retail fashion) and sends from their server using one of our domains. When these emails are sent to staff, the following comes up in maillog:
Mar 15 10:09:14 localhost sendmail[18296]: j2EN9CHx018296: to=<address>, delay=00:00:01, mailer=smtp, pri=68753, stat=queued
Mar 15 10:09:14 localhost sendmail[18296]: j2EN9CHx018296: to=<address>, delay=00:00:01, mailer=smtp, pri=68753, stat=queued
Mar 15 10:09:14 localhost MailScanner[12837]: New Batch: Found 85 messages waiting
Mar 15 10:09:14 localhost MailScanner[12837]: New Batch: Scanning 1 messages, 9329 bytes
Mar 15 10:09:14 localhost MailScanner[12837]: MCP Checks completed at 9329 bytes per second
Mar 15 10:09:14 localhost MailScanner[12837]: Spam Checks: Starting
Mar 15 10:09:19 localhost MailScanner[12837]: Spam Checks completed at 1865 bytes per second
Mar 15 10:09:19 localhost MailScanner[12837]: Virus and Content Scanning: Starting
Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected HTML-specific exploits in j2EN9CHx018296
Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Found 1 problems
Mar 15 10:09:20 localhost MailScanner[12837]: Virus Scanning completed at 9329 bytes per second
Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected and will disarm HTML message in j2EN9CHx018296
Mar 15 10:09:20 localhost MailScanner[12837]: Virus Processing completed at 9329 bytes per second
Mar 15 10:09:20 localhost MailScanner[12837]: Disinfection completed at 9329 bytes per second
Mar 15 10:09:20 localhost MailScanner[12837]: Batch completed at 1554 bytes per second (9329 / 6)
There's no queued for delivery message in the log for this messageid, nor is there anything in mqueue for the message.
Dangerous Content Scanning = Yes
Allow WebBugs = disarm
Any ideas?
--------------------------
Greg Krzeszkowski
Director, Infrastructure and Applications Development Practice
InfoSec Solutions
0411 154 261
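Added example, not part of the original post or of MailScanner: a small log check that automates the trace described above, listing queue IDs that MailScanner disarmed but for which sendmail never logged a delivery. It assumes the queue ID stays the same after scanning and that a completed delivery is logged by sendmail with `stat=Sent`; the log lines for `j2EN9DAb018301` are constructed for contrast.

```python
import re
from collections import defaultdict

# Sample input: the j2EN9CHx018296 lines follow the post's log; the
# j2EN9DAb018301 lines are constructed to show a message that was delivered.
SAMPLE = """\
Mar 15 10:09:14 localhost sendmail[18296]: j2EN9CHx018296: to=<address>, delay=00:00:01, mailer=smtp, pri=68753, stat=queued
Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected HTML-specific exploits in j2EN9CHx018296
Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected and will disarm HTML message in j2EN9CHx018296
Mar 15 10:09:21 localhost sendmail[18301]: j2EN9DAb018301: to=<address>, delay=00:00:01, mailer=smtp, pri=68753, stat=queued
Mar 15 10:09:25 localhost MailScanner[12837]: Content Checks: Detected and will disarm HTML message in j2EN9DAb018301
Mar 15 10:09:27 localhost sendmail[18310]: j2EN9DAb018301: to=<address>, delay=00:00:07, mailer=smtp, pri=68753, stat=Sent (constructed)
"""

# syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$")
# sendmail recipient line: "<queue id>: to=..., stat=<status>"
SENDMAIL = re.compile(r"^(?P<qid>\w+): to=.*\bstat=(?P<stat>\w+)")
# MailScanner disarm notice, wording as it appears in the post's log
DISARM = re.compile(r"will disarm HTML message in (?P<qid>\w+)")

def trace(log_text):
    """Return {queue_id: {"disarmed": bool, "stats": [sendmail stat values]}}."""
    seen = defaultdict(lambda: {"disarmed": False, "stats": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in syslog format
        if m["prog"] == "sendmail":
            s = SENDMAIL.match(m["msg"])
            if s:
                seen[s["qid"]]["stats"].append(s["stat"])
        elif m["prog"] == "MailScanner":
            d = DISARM.search(m["msg"])
            if d:
                seen[d["qid"]]["disarmed"] = True
    return dict(seen)

def disarmed_but_undelivered(log_text):
    """Queue IDs MailScanner disarmed that have no sendmail stat=Sent entry."""
    return sorted(q for q, v in trace(log_text).items()
                  if v["disarmed"] and "Sent" not in v["stats"])

if __name__ == "__main__":
    for qid in disarmed_but_undelivered(SAMPLE):
        print("disarmed, no delivery logged:", qid)
```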