MailScaner suddenly starting up with content issues after upgrade?

Dave Duffner - PSCGi webalizer at NWCWEB.COM
Mon Mar 28 18:24:23 IST 2005 

Greetings,

        Using Linux/Ensim Pro/Sendmail/ClamAV/MS/SA, which comes
with it's own set of nightmares on MS/SA integration.  Recently
(finally) was able to knock MailScanner up to 3.0.2 from 2.6,
seems to be running reasonably well though, at times, it seems
to be ignoring configurations we've done.  That may be related
to the way Ensim deploys sites, possibly not copying the latest
config files to each site dir.  Could even be skipping some
server-wide customizations because of how Ensim calls it up
for inbound mail.

        That being said, we've noticed since the upgrade to 3.XX
that we're seeing a slew of these:

At Sun Mar 27 11:24:34 2005 the content filters said:
   MailScanner: Found a script in HTML message

        It's either tagging them as Virii or Dangerous Content.
That tag is random, seems to prefer to call it a Virus more
than a DC message, but we can't track down where this ruleset
is being called from to either kill it or try to modify it
to suit our needs.

        Now the e-mails being tagged like this are from stock
sources like eBay and other reputable addresses we've even
gone so far as to put into the whitelists we have.  But it
either skips processing the message (not that high of a
volume to being doing so), ignores the whitelist entry and
tags it as a Virus or it ignores the setting and tags it
as DC.

        Even though we've changed all the AutoWhiteList points
we're aware of from threads here to stop using it, the AWL
is still on a rampage as well.  For example, it seems to know
who Julian is and aware him with (last time) huge AWL adjustments
to the POSITIVE side that get him tagged every time.  95% of
this List's traffic doesn't get tagged, but Julian's a winner
every time.  Last one earlier today was a +164 AWL adjustment
that sent a 4 scoring limit into overdrive totaling his post
out to like 175+ total points.  Still delivers it, because
the whitelist we have says to ignore these List messages, but
tags it none the less.

        Any ideas on how to kill the 'script in HTML message'
check and/or beat the AWL into submission, we're all ears!

        Thanks,

     David J. Duffner
     President
     PSCGi
     Paradise Shore Communications Group
     www.pscginternet.com



I--I
Message scanned by MailScanner, and is believed to be clean.
CONFIDENTIALITY NOTICE:  This transmission intended for the
specified destination and person.  If this is not you, this
e-mail must be deleted immediately.     www.pscginternet.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list