MailScaner suddenly starting up with content issues after upgrade?

Julian Field MailScanner at ecs.soton.ac.uk
Mon Mar 28 18:46:58 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

You mean SpamAssassin is 3.0.2, not MailScanner. You should be running
MailScanner version 4.something.

Find the spam.assassin.prefs.conf and add a line in it that says
use_auto_whitelist 0
That should switch off the AWL.

For the forms, find MailScanner.conf and set
Allow Form Tags = disarm

I will probably change the default to that now anyway, it is much more
useful that way.

Dave Duffner - PSCGi wrote:

>Greetings,
>
>        Using Linux/Ensim Pro/Sendmail/ClamAV/MS/SA, which comes
>with it's own set of nightmares on MS/SA integration.  Recently
>(finally) was able to knock MailScanner up to 3.0.2 from 2.6,
>seems to be running reasonably well though, at times, it seems
>to be ignoring configurations we've done.  That may be related
>to the way Ensim deploys sites, possibly not copying the latest
>config files to each site dir.  Could even be skipping some
>server-wide customizations because of how Ensim calls it up
>for inbound mail.
>
>        That being said, we've noticed since the upgrade to 3.XX
>that we're seeing a slew of these:
>
>At Sun Mar 27 11:24:34 2005 the content filters said:
>   MailScanner: Found a script in HTML message
>
>        It's either tagging them as Virii or Dangerous Content.
>That tag is random, seems to prefer to call it a Virus more
>than a DC message, but we can't track down where this ruleset
>is being called from to either kill it or try to modify it
>to suit our needs.
>
>        Now the e-mails being tagged like this are from stock
>sources like eBay and other reputable addresses we've even
>gone so far as to put into the whitelists we have.  But it
>either skips processing the message (not that high of a
>volume to being doing so), ignores the whitelist entry and
>tags it as a Virus or it ignores the setting and tags it
>as DC.
>
>        Even though we've changed all the AutoWhiteList points
>we're aware of from threads here to stop using it, the AWL
>is still on a rampage as well.  For example, it seems to know
>who Julian is and aware him with (last time) huge AWL adjustments
>to the POSITIVE side that get him tagged every time.  95% of
>this List's traffic doesn't get tagged, but Julian's a winner
>every time.  Last one earlier today was a +164 AWL adjustment
>that sent a 4 scoring limit into overdrive totaling his post
>out to like 175+ total points.  Still delivers it, because
>the whitelist we have says to ignore these List messages, but
>tags it none the less.
>
>        Any ideas on how to kill the 'script in HTML message'
>check and/or beat the AWL into submission, we're all ears!
>
>        Thanks,
>
>     David J. Duffner
>     President
>     PSCGi
>     Paradise Shore Communications Group
>     www.pscginternet.com
>
>
>
>I--I
>Message scanned by MailScanner, and is believed to be clean.
>CONFIDENTIALITY NOTICE:  This transmission intended for the
>specified destination and person.  If this is not you, this
>e-mail must be deleted immediately.     www.pscginternet.com
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list